[Hcoop-discuss] CGI/PHP script security
Tanveer Singh
tanveer1979 at gmail.com
Sun Nov 6 22:48:04 EST 2005
On 11/7/05, Adam Chlipala <adamc at hcoop.net> wrote:
>
> I don't think anyone has replied to this, so I'm not going to change
> anything about our set-up for now.
>
I was thinking about the argument of a DoS attack. We allow ssh to hcoop. So
an attacker can ssh as root and take over the entire server. That is a
bigger security vunerability.
What makes it secure is that its password protected. So how about allowing
uploads etc., only from password protected applications. The user would have
to register his/her application with hcoop. Another thing which could be
done is limit the number of apache child processes/user. this way a DoS with
thousands of running processes could be prevented.
We could also impose a blanket cap of 200 script(Or any arbit number fydor
can handle). This way also we can stop such an attack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20051107/8137f448/attachment.htm
More information about the HCoop-Discuss
mailing list