Re: SQL Access Problem

From: Antoine Pouch (antoine@ws-interactive.fr)
Date: 10/22/01 

Date: Mon, 22 Oct 2001 18:20:25 +0200
From: Antoine Pouch <antoine@ws-interactive.fr>
To: focus-linux@securityfocus.com
Subject: Re: SQL Access Problem
Message-Id: <20011022182025.5be5c7b2.antoine@ws-interactive.fr>

> But he knows apache which runs as nobody most be able to access the
file.
> Mifa needs that file for itself to create the database connection for
Mifa.
> Matt creates a script called hacksql.cgi.

Don't run Apache as nobody. Be nice to him, give him an user account.

Unless someone can explain why it should be run as nobody ? 

-- 
Antoine POUCH - Responsable technique - antoine(at)ws-interactive.fr
WS Interactive             15 Quai Lombard            31000 Toulouse
Tel. 05 62 30 80 70                              Fax. 05 62 30 25 45

Relevant Pages

  • RE: Howto strace apache as nobody/apache user?
    ... Something like usermod nobody -s /bin/bash would do the trick. ... Howto strace apache as nobody/apache user? ... Concerned about Web Application Security? ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Suexec with Apache 1.3.29
    ... > be that Apache itself runs as user nobody. ... I would argue that no file and no process on a system ought to be ... with Apache running as www, which in turn have their own uid's and ...
    (freebsd-questions)
  • Re: nobody user
    ... We run Apache2 as the nobody user and the whole ... webserver's document root is set to chmod 775. ... Is apache running as group "developer"? ...
    (comp.os.linux.misc)
  • Re: [opensuse] Running services as non-root user
    ... run as user nobody, then if someone compromises mysql and can make ... mysqld to execute arbitrary code - this new attack code will run as ... Now if apache is running as nobody, ...
    (SuSE)
  • Re: SQL Access Problem
    ... Subject: SQL Access Problem ... > Don't run Apache as nobody. ... It doesn't matter what user you run Apache at, ...
    (Focus-Linux)