On 11/07/2013 10:51 AM, Ted Byers wrote:
But, not really being a PHP programmer, I do not know if that is due to sloppy PHP programming, poor design of the web application, of a defect in the PHP interpreter that in the wrong hands, gives the wrong hands access to the server's OS itself.
You can host a website without allowing ANY PHP on the site. But PHP's vulnerability (as well as other vulnerabilities in many different web tools) is why the web server runs in a chroot jail by default on OpenSuse. Its also why the web server does not run as root, and runs as a fairly restricted user. By the way, jails are not totally unbreakable, there are tricks, but the holes have been progressively closed over the years. Google is your friend. -- Explain again the part about rm -rf / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org