[Hcoop-discuss] CGI/PHP script security
Chris Clearwater
chris at detriment.org
Mon Nov 7 13:28:33 EST 2005
On Mon, 2005-11-07 at 09:18 +0530, Tanveer Singh wrote:
> On 11/7/05, Adam Chlipala <adamc at hcoop.net> wrote:
> I don't think anyone has replied to this, so I'm not going to
> change
> anything about our set-up for now.
>
> I was thinking about the argument of a DoS attack. We allow ssh to
> hcoop. So an attacker can ssh as root and take over the entire server.
> That is a bigger security vunerability.
I am pretty sure the default configuration of ssh is *not* to allow ssh
from root. Unless the admins explicitly enabled that option, I don't
think that is true.
More information about the HCoop-Discuss
mailing list