Focus on Linux Mode:
(Page 22 of 57)  < Prev  17 18 19 20 21 22 23 24 25 26 27  Next >
RE: Apache+PHP+ftp security 2005-03-28
Scott Fagg (scott fagg arup com au)
> -----Original Message-----
> From: abend [mailto:roy (at) clusterdigital (dot) com [email concealed]]
> Sent: Saturday, 26 March 2005 4:55 AM
> To: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Apache+PHP+ftp security
>
> Hi all,
>
> I'm configuring a linux server which may act as our main hosting
> server. This is, we provide

[ more ]  [ reply ]
Apache+PHP+ftp security 2005-03-25
roy clusterdigital com (abend) (3 replies)
Hi all,

I'm configuring a linux server which may act as our main hosting
server. This is, we provide hosting services for small business, and
we need to configure our linux server to host their web pages. Our
clients will upload their files by ftp (now it's vsftpd).

Our first purpose was setting t

[ more ]  [ reply ]
Re: Apache+PHP+ftp security 2005-03-28
Kalevi Nyman (kan canit se)
Re: Apache+PHP+ftp security 2005-03-28
Shawn Parker (shawn parker cumulus com)
Re: Apache+PHP+ftp security 2005-03-28
Eduardo Tongson (propolice gmail com)
RE: A question about passwords and login/authentication 2005-03-11
Scott Fagg (scott fagg arup com au)


> -----Original Message-----
> From: Roman L. Daszczyszak II [mailto:romandas (at) gmail (dot) com [email concealed]]
> Sent: Thursday, 10 March 2005 6:57 AM
> To: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: A question about passwords and login/authentication
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have hea

[ more ]  [ reply ]
A question about passwords and login/authentication 2005-03-09
Roman L. Daszczyszak II (romandas gmail com) (3 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have heard that many *nix flavors used to default to using DES as
their password storage algorithm, but recently many Linux flavors tend
to use MD5 hashes instead, which are more secure to brute force attacks.

What I'm wondering is how long can a Lin

[ more ]  [ reply ]
Re: A question about passwords and login/authentication 2005-03-15
Pavol Luptak (pavol luptak i cz) (1 replies)
Re: A question about passwords and login/authentication 2005-03-15
Steffen Kluge (kluge fujitsu com au) (2 replies)
Re: A question about passwords and login/authentication 2005-03-16
Scott Gifford (sgifford suspectclass com)
Re: A question about passwords and login/authentication 2005-03-16
Mike Delaney (mdelan lusars net)
Re: A question about passwords and login/authentication 2005-03-12
Glynn Clements (glynn gclements plus com)
Re: A question about passwords and login/authentication 2005-03-11
Zero Burnout (zeroburnout gmail com)
Re: Deny Access To configuration file using php scripts 2005-03-05
Server Administration (administrator bluephyre com)
It does show up in phpinfo(), but if the SetEnv's are defined at the
VirtualHost level (I am assuming Apache web server) then they are only
accessible by that VirtualHost.

If a malicious user can get *your* VirtualHost to execute phpinfo(),
then you have other, arguably more critical, security i

[ more ]  [ reply ]
Re: Deny Access To configuration file using php scripts 2005-03-02
Suramya Tomar (security suramya com)
Hi,

>>There are a couple of things you can try, First you can use apache
>>directives to deny access to the file. To do that add the
>>following text
>>to the httpd.conf file:
>>
>><Files ~ "\.inc$">
>> Order allow, deny
>> Deny from all
>></Files>
>
>
> While that may stop the web-server

[ more ]  [ reply ]
RE: Deny Access To configuration file using php scripts 2005-03-02
Scott Fagg (scott fagg arup com au) (2 replies)


> -----Original Message-----
> From: Suramya Tomar [mailto:security (at) suramya (dot) com [email concealed]]
> Sent: Wednesday, 2 March 2005 9:59 AM
> To: raT
> Cc: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Re: Deny Access To configuration file using php scripts
>
> Hi,
>
> > Hello i have a web server and i have a major p

[ more ]  [ reply ]
Re: Deny Access To configuration file using php scripts 2005-03-03
John Georgelas (jgeo solsec net)
RE: Deny Access To configuration file using php scripts 2005-03-03
administrator bluephyre ca (1 replies)
Re: Deny Access To configuration file using php scripts 2005-03-05
Mohammed Salih (webadmin grc ae) (1 replies)
Re: Deny Access To configuration file using php scripts 2005-03-07
Anton Titov (a titov host bg)
RE: Deny Access To configuration file using php scripts 2005-03-01
Tosoni (jean-pierre tosoni libertysurf fr)
Three-folded approach:
1) the config file must be owned by 'nobody' and readable only by 'nobody'. This takes care of the shell accounts.

2) use php safe_mode, this takes care of direct file access

3) specify a PHP safe_mode_exec_dir which will contain the bare minimum safe executables (dont put '

[ more ]  [ reply ]
(Page 22 of 57)  < Prev  17 18 19 20 21 22 23 24 25 26 27  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus