From owner-freebsd-questions@FreeBSD.ORG Thu Apr 29 13:16:10 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3820C16A4CE for ; Thu, 29 Apr 2004 13:16:10 -0700 (PDT) Received: from www6.web2010.com (www6.web2010.com [216.157.5.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id E5E2E43D54 for ; Thu, 29 Apr 2004 13:16:09 -0700 (PDT) (envelope-from MLandman@face2interface.com) Received: from delliver.face2interface.com (dialup-wash-129-203.thebiz.net [64.30.129.203] (may be forged)) by www6.web2010.com (8.12.10/8.9.0) with ESMTP id i3TKFuoU010781; Thu, 29 Apr 2004 16:15:58 -0400 (EDT) Message-Id: <6.0.0.22.0.20040429160121.136e6220@pop.face2interface.com> X-Sender: face@pop.face2interface.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Thu, 29 Apr 2004 16:16:04 -0400 To: Mikkel Christensen , freebsd-questions@freebsd.org From: Marty Landman In-Reply-To: <200404291954.04559.mikkel@talkactive.net> References: <200404262126.36157.mikkel@talkactive.net> <200404291713.13999.mikkel@talkactive.net> <6.0.0.22.0.20040429140657.11cf1120@pop.face2interface.com> <200404291954.04559.mikkel@talkactive.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: Suexec with Apache 1.3.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Apr 2004 20:16:10 -0000 At 03:54 PM 4/29/2004, Mikkel Christensen wrote: >But lets face it, if you have many users on your webserver some will do so >occasionally (eg. many users take advantage og fora like PHPBB and PHPNuke >which stores the database password in cleartext). And when they do you >will have to deal with the mess as the administrator. I don't know those in particular though I've heard of them. Am more a developer than sysadmin. Unfortunately stuff happens. PHP isn't going to run under suexec though so how is this relevant? >Also the problem when running a webserver with many users you don't know >is to get them to use the right permissions. Hmm, people very commonly drive cars which have precise rules for driving, and rules of the road for driving in community. Yet we don't witness accidents every hour at every intersection. Why? IMO it's because the average person has a healthy sense of survival and the intelligence to learn reasonable care. Of course bad drivers have burdensome insurance costs to weight against their poor driving records. What incentive/education do bad hosting customers have? >All this suexec does no good if the users apply chmod 777 (and trust me >some do!) to all their files:( I'd argue that the web, like driving, isn't for everyone. /It is/ for everyone willing to learn and apply the rules of the road. People have been sold the concept that they can get cheap or free hosting, cheap or free web design (perhaps by a niece or friend's computer genius kid) and make $$ sitting at home checking their email. This has led to cheap computers with often horrendous technical support and minimal QA at the factory, ridiculously simple minded security holes at gazzillions of urls, and a relatively small percentage of decently made and easy to use sites, with an even smaller percentage making at least a little bit of money. Sorry for the rant. :) Marty Marty Landman Face 2 Interface Inc. 845-679-9387 Web Installed Formmailer: http://face2interface.com/Products/Formal.shtml FormATable DB: http://face2interface.com/Products/FormATable.shtml Make a Website: http://face2interface.com/Home/Demo.shtml