lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <121270000.1061345320@localhost>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: securing php

--On Tuesday, August 19, 2003 20:10:48 -0400 Michael Gale 
<michael@...esuperman.com> wrote:
>#
> User nobody
> Group #-1
> </IfModule>
> </IfModule>
> --snip--
>
> I am not sure if the windows version has this option - it may have
> something similar.

I'm not sure why you would *want* to run Apache on Windows, but I'm certain 
that it would have the same options as *nix where possible.  If you're 
insistent in running a web server on Windows, Apache is probably the better 
choice, though.

The problem with Windows is that the concept of running servers as 
unprivileged users or starting a daemon as root and then dropping 
privileges doesn't correspond one to one with the *nix security model.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ