Quote:
Originally Posted by sortie
BTW, I think that is what the host should be doing.
I don't think the webmasters should run scripts as setgid etc...
|
There's been a way to run securely (albiet much slower) since Apache 1.2, which was released in 1996. It's called SuExec. It allows you to set a UID/GID for every virtualhost. Providers often can't afford to run it due to programmers writing bad code, such as those assuming it's the job of the webserver to ensure files are accessable.