Comment Re:why give much of a crap (Score 0) 194
If you allow scripting on your server, then you've essentially given your users shell access, anyway.
You have to remember that with OpenBSD, Apache runs in a jail which, when set up right, limits the user to only the PHP functions which are currently enabled on the system (in the PHP case), without the ability to call (exec) other programs. Bundling that with a firewall running on the local machine limiting what traffic can be passed out (by states obviously, so it can't originate on the local machine and send out via port 25, for example) can be very effective against attacks, and at mitigating problems if someone can get into the system (everyone should make sure that they know how to find people if they do get into the system in the first place, though).
Although, as your original statement says, any vulnerability should be addressed very seriously, and my response above does not make it alright to forget about these situations.
Just my two cents.