Gert Cuykens
gert.cuykens at gmail.com
Tue Jun 12 22:06:32 EDT 2007
On 6/13/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> On 13/06/07, Gert Cuykens <gert.cuykens at gmail.com> wrote:
> > By secure I mean a psp file that is accessible by an internet user like
> > an html file is less secure than a handler which only a root user can
> > have access to.
>
> That a handler source code file wouldn't be exposed due to a
> configuration mistake would only be true if it is outside of the
> document tree. It is possible to put handler code files in the
> document tree and sometimes this is quite convenient as it means you
> can utilise Apache's URL dispatch for various things rather than
> writing a slower one of your own in Python code. Also, handler source
> code files wouldn't necessarily only be readable as root as Apache
> child processes shouldn't be run as root, but as a separate user. Thus
> that user has to be able to read the handler source code files and all
> directories down to it or Apache can't work. Thus, must be all group
> owned by Apache user or made readable to others. Thus, things other
> than root will be able to read it one way or the other.
>
> Graham
>

Still www-data user outside the doctree is more secure than internet user inside doctree :P