Re: Very basic security question:
From: Curt Seeliger (seeliger.curt@epa.gov)
Date: 01/24/03
From: Curt Seeliger <seeliger.curt@epa.gov>
To: security-basics@securityfocus.com
Date: Fri, 24 Jan 2003 10:07:07 -0800
On Thursday 23 January 2003 11:31 am, Brad Arlt wrote:
>
> Thou shalt not let network services alter any critical files is the
> best approach.
>
> What is normally done by myself and others I have talked to is a PHP
> gateway server. You would write a daemon that your PHP code talks to
> via a Unix domain socket. The protocol you use to talk to your daemon
> would include a username and password (so the daemon can ensure it is
> talking to an authorized user).
As a newbie, I don't see how this is more secure. The service is still
directly available via the network without the PHP program. Secondly, a
hostile user could make arbitrary account changes if they were able to
run the PHP program.
Waiting for enlightenment,
cur - still preferring cryptogams to cryptograms
-- Curt Seeliger, Data Ranger CSC, EPA/WED contractor 541/754-4638 seeliger.curt@epa.gov
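
The gateway arrangement described in the quoted text (a daemon behind a Unix domain socket that authenticates its caller), as an added example that is not code from this thread or its participants. It is written in Python rather than PHP; the request format, the operation names, the account rule and the credential are all constructed assumptions.

```python
import hashlib, hmac, os, socket, threading

SALT = b"constructed-salt"  # constructed sample value

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed credential for the web front end; a real daemon loads its own store.
USERS = {"webfront": _kdf("example-only-secret")}
# Hypothetical operation names: the daemon does these and nothing else.
ALLOWED_OPS = {"set-shell", "set-fullname"}

def handle(line: str) -> str:
    """Check one request: '<user> <password> <op> <account> <value>'."""
    parts = line.strip().split(" ", 4)
    if len(parts) != 5:
        return "ERR malformed"
    user, password, op, account, _value = parts
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored, _kdf(password)):
        return "ERR auth"
    if op not in ALLOWED_OPS:
        return "ERR op"
    if not account.isalnum() or account == "root":
        return "ERR account"
    # The privileged change would happen here, inside the daemon only.
    return f"OK {op} {account}"

def serve(path: str, ready: threading.Event, max_requests: int) -> None:
    # AF_UNIX: a filesystem path, reachable only by local processes.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        old = os.umask(0o177)  # socket file is created mode 0600 (owner only)
        try:
            srv.bind(path)
        finally:
            os.umask(old)
        srv.listen(1)
        ready.set()
        for _ in range(max_requests):
            conn, _addr = srv.accept()
            with conn:
                reply = handle(conn.recv(4096).decode("utf-8", "replace"))
                conn.sendall(reply.encode())

def request(path: str, line: str) -> str:
    """What the web-side code does: send one line, read one reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(line.encode())
        return c.recv(4096).decode()
```

The web-side process never opens the critical files itself; every change passes through `handle`, which refuses operations and accounts outside its allowlist even for an authenticated caller.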