From: dreamwvr (dreamwvrdreamwvr.com)
Date: Wed May 29 2002 - 13:19:03 CDT

    On Wed, May 29, 2002 at 11:59:44AM -0400, Jeff Dafoe wrote:
    > > I don't understand what risks there are to the server and
    > > machine as a whole, such that the server owner should be
    > > reluctant to enable this feature. Could someone please tell
    > > me what are the risks and how are these risks controlled in
    > > typical "good" use of suEXEC?
    > to run in a mass hosting environment under apache without the use of suexec.
    > Running end users' CGIs as the same user as the web server is asking for
    > problems, IMHO. Suexec, when improperly configured, can create a security

    ( && helo Glynn Long time no stream too.. ;-)) Anyways suexec is_a_helper.
    I would agree with you that suexec is a good thing. It helps babysit
    if you like is all. But it is not a universal solvent. Nothing really
    is.. 'suexec helps fix common issues with scripts other than the
    actual guts of cgi-script itself.' I would agree with you as well that it
    lends to an added layer of abstracted web security if you will. whew:-)
    Is anyone using cgiwrap that is also familiar with suexec? Would like
    to know their opinions on the comparison.

    Best Regards,
    dreamwvrdreamwvr.com