One application for multiple sites, maintainability vs security

#11
[eluser]mvdg27[/eluser]
Hi Guys,

Sorry for my late response .. I've been on holidays for a week :) ..

Anyway, Randy, could you elaborate a bit on this:

"per-user/per-execution base-dir restrictions to prevent the problems I mentioned above" ..

What exactly do you mean by this?

@Bramme: "I guess you could scan for php and text files, read them into a variable and scan that variable for possible malicious code." -> that's a nice idea .. but how to define malicious code, then? It seems like a hell of a task to come up with possible hacks .. especially for someone with no experience at all, in the hacking-business ;)

Thanks! Michiel

#12
[eluser]Bramme[/eluser]
Well, as Randy said, you could simply restrict the use of any functions that read/manipulate directories and files, stuff like glob, fopen, fwrite, fread, mkdir, unlink etc...
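
Added example, not part of any poster's message: one way to implement the scan discussed in posts #11 and #12, using PHP's tokenizer instead of plain string matching so that comments and string literals do not produce false hits. The function name `scan_source` and the sample input are hypothetical; the deny-list is the set of functions named in post #12.

```php
<?php
// Added example, not code from the thread. Deny-list copied from post #12.
const DENIED = ['glob', 'fopen', 'fwrite', 'fread', 'mkdir', 'unlink'];

// Finds direct calls to denied functions, plus variable-function calls (unresolvable by name).
function scan_source(string $code): array
{
    // PHP 8 emits "\unlink" as one token; PHP 7 has no such constant.
    $fq = defined('T_NAME_FULLY_QUALIFIED') ? T_NAME_FULLY_QUALIFIED : -1;
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $member = [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION];
    // Drop whitespace and comments so "unlink /* x */ (" still reads as a call.
    $tokens = array_values(array_filter(
        token_get_all($code),
        function ($t) use ($skip) { return !is_array($t) || !in_array($t[0], $skip, true); }
    ));
    $findings = [];
    foreach ($tokens as $i => $tok) {
        // Only named tokens directly followed by "(" are call sites.
        if (!is_array($tok) || ($tokens[$i + 1] ?? null) !== '(') {
            continue;
        }
        [$id, $text, $line] = $tok;
        $prev = $tokens[$i - 1] ?? null;
        // Method calls and function definitions named like a built-in are not hits.
        if (is_array($prev) && in_array($prev[0], $member, true)) {
            continue;
        }
        $name = strtolower(ltrim($text, '\\'));
        if (($id === T_STRING || $id === $fq) && in_array($name, DENIED, true)) {
            $findings[] = ['line' => $line, 'issue' => "call to $name()"];
        } elseif ($id === T_VARIABLE) {
            $findings[] = ['line' => $line, 'issue' => "variable function call via $text"];
        }
    }
    return $findings;
}

// Constructed sample standing in for an uploaded file.
$sample = <<<'SAMPLE'
<?php
echo strtoupper($title);
unlink($path);
$f = 'fopen';
$f($path, 'r');
SAMPLE;
foreach (scan_source($sample) as $hit) {
    printf("line %d: %s\n", $hit['line'], $hit['issue']);
}
```

A name-based scan like this is a first filter for review, not a guarantee, so it works best alongside the server-side restrictions mentioned elsewhere in the thread.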

#13
[eluser]Randy Casburn[/eluser]
Sure -- user base-dir restrictions - they were designed to help with situations like yours. If it's set up properly it should aid you, not hinder you.

Randy
