[Hcoop-discuss] CGI/PHP script security

Tanveer Singh tanveer at hcoop.net
Fri Dec 16 04:53:38 EST 2005


On 11/14/05, Davor Ocelic <docelic at hcoop.net> wrote:
>
> On Mon, Nov 07, 2005 at 10:28:33AM -0800, Chris Clearwater wrote:
> > On Mon, 2005-11-07 at 09:18 +0530, Tanveer Singh wrote:
> > > On 11/7/05, Adam Chlipala <adamc at hcoop.net> wrote:
> > >         I don't think anyone has replied to this, so I'm not going to
> > >         change anything about our set-up for now.
> > >
> > > I was thinking about the argument of a DoS attack. We allow ssh to
> > > hcoop. So an attacker can ssh as root and take over the entire server.
> > > That is a bigger security vulnerability.
> >
> > I am pretty sure the default configuration of ssh is *not* to allow ssh
> > from root. Unless the admins explicitly enabled that option, I don't
> > think that is true.
>
> Well, logging in as root over telnet was disabled by default, but
> Linux distributions as well as Debian do allow root login over
> ssh by default.
>
> We explicitly turned it off very early in the setup process.
>

I apologize for making this old topic alive again. The thing is that many
times when I open pages on my site, our server is unable to process the
request in 10 seconds, which is the script timeout time. So you get the
server error. Most of the time, on refreshing, it goes away. This happens
when the server is loaded, this is my guess. So could we increase the limit to
something like 30 seconds? Dialup users face a big problem. One in three
times this "Premature end of script headers" comes up. If 30 seconds is too
much, I guess at least 20 seconds should be given.