John Andersen wrote:
On 11/07/2013 10:51 AM, Ted Byers wrote:
But, not really being a PHP programmer, I do not know if that is due to sloppy PHP programming, poor design of the web application, of a defect in the PHP interpreter that in the wrong hands, gives the wrong hands access to the server's OS itself.
You can host a website without allowing ANY PHP on the site.
But PHP's vulnerability (as well as other vulnerabilities in many different web tools) is why the web server runs in a chroot jail by default on OpenSuse.
Uh, apache doesn't run in a chroot jail by default on openSUSE. -- Per Jessen, Zürich (12.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org