Re: SQL Access Problem
From: Marc Ende (me@nowhere-operations.net)Date: 10/25/01
- Previous message: Brian Clifton: "nimbda and other apache attacks"
- Maybe in reply to: jaywhy: "SQL Access Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <200110251013580927.0E5520E3@smtp.puretec.de> Date: Thu, 25 Oct 2001 10:13:58 +0200 From: "Marc Ende" <me@nowhere-operations.net> To: "jaywhy" <jaywhy2@home.com>, focus-linux@securityfocus.com Subject: Re: SQL Access Problem
Hi jaywhy,
it's a little bit of security by obscurity.
But this is one way, If other users can't get into your directory (thats why "chrooted"), then
they have to guess a) the name of your server root, b) the location of your account-data and
c) you don't need to use suExec (I don't like it, but this is only my personal opinion).
Marc
*********** REPLY SEPARATOR ***********
On 24.10.2001 at 20:05 jaywhy wrote:
>Chrooting ftpd will not help stop Apache from executing CGI that print outs
>the configuration file. Shell access doesn't matter either, since someone
>could just upload the script. As for changing the configuration file name
>to something obscure, sounds like security by obscurity.
- Previous message: Brian Clifton: "nimbda and other apache attacks"
- Maybe in reply to: jaywhy: "SQL Access Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
