Secure scripts with Apache Suexec

PLEASANT DREAMS

Article from Issue 84/2007
Author(s):

For many admins, the security of a web application is more important than its performance. If you have a web server with multiple users, the Suexec module can help you avoid problems associated with globally writable directories.

If you follow security mailing lists, you know that web applications can be security nightmares. The reason for this is the subject of heated debate. Are languages like PHP to blame? Do too many web developers simply lack the skills to write secure applications? Whatever the cause, one thing is certain: something’s got to change. A holistic approach that redevelops every web server component from scratch is highly unlikely. Instead, the protagonists of the Apache project are working on improving individual components; although most people agree that this is not a perfect solution, it is infinitely better than no solution.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Web Wizardry Intro

    New tools for the web appear every day. In this issue, we round up some promising technologies, including Apache's Suexec module, the new WS-Addressing standard, the Helma application server, the Perlbal web server, and microformats.

  • Light Web Server Alternatives

    Apache has ruled the web since the mid-90s, but not all users are happy with it. Recent competitors Cherokee and Lighttpd offer an uncomplicated alternative for users who are looking for something light.

  • Web Authentication

    Apache offers several options for adding a password-protected area to a website.

  • Security Lessons: Virtual Hosts

    Creating secure websites with their own privileges on a single server.

comments powered by Disqus