LinuxQuestions.org
Old 04-19-2007, 02:53 PM   #1
AleLinuxBSD
Member
 
Registered: May 2006
Location: Italy
Distribution: Ubuntu, ArchLinux, Debian, SL, OpenBSD
Posts: 272

Rep: Reputation: 37
Security & web application.


Is there a difference in security when using a symlink to refer to web applications?
Example:
If I use:
.../..../www
link_pippo_application

.../pippo_application/

Naturally www is the document root of my web server.

Is it more secure than using it directly?
.../www/pippo_application/

Bye Alessandro
 
Old 04-21-2007, 01:37 AM   #2
zaichik
Member
 
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419

Rep: Reputation: 30
No, it's no more secure. What security aspects are you looking for? Access control, or what the application can do once launched, or what?
 
Old 04-21-2007, 02:03 AM   #3
AleLinuxBSD
Member
 
Registered: May 2006
Location: Italy
Distribution: Ubuntu, ArchLinux, Debian, SL, OpenBSD
Posts: 272

Original Poster
Rep: Reputation: 37
I don't know than I have questions.
But in what way is it possible to increase security without using a chroot system?

Bye Alessandro
 
Old 04-23-2007, 06:18 AM   #4
zaichik
Member
 
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419

Rep: Reputation: 30
"Increase the security" without knowing any specifics is too broad a topic. Entire books are written on such topics.

The major insecurity that I have come across in web-based applications is a lack of user input validation. When getting user input from a form, there is often no attempt to verify that the user is supplying the type of information needed, or that the supplied input, if processed normally, will not have unintended consequences (SQL injection, mail header injection, code download/compile/execution, etc.)

If I were to give you only one bit of advice on security for your application, it would be to make sure that you are checking user input.
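
Added example, not part of the original thread or any poster's code: a minimal Python sketch of the input checks described in the post above, covering two of the consequences it names (SQL injection and mail header injection). All function names, the `users` table and the sample values are hypothetical and constructed for illustration.

```python
import re
import sqlite3

# Allowlists: state what a field may contain instead of listing what it may not.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class InvalidInput(ValueError):
    """Raised when a form field fails validation."""


def validate_username(value):
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise InvalidInput("username")
    return value


def validate_email_header(value):
    # A CR or LF inside a value that is copied into a mail header lets the
    # sender append headers of their own, so reject it before anything else.
    if not isinstance(value, str) or "\r" in value or "\n" in value:
        raise InvalidInput("email")
    if not EMAIL_RE.fullmatch(value):
        raise InvalidInput("email")
    return value


def find_user(conn, username):
    # The "?" placeholder keeps the value as data, never as SQL text,
    # even if the validation above is later loosened or skipped.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (username,)
    ).fetchone()


def handle_form(conn, form):
    """Validate every field first, then use the values."""
    name = validate_username(form.get("username"))
    reply_to = validate_email_header(form.get("email"))
    return find_user(conn, name), reply_to


def make_demo_db():
    # Constructed sample data, in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn
```

The validation and the parameterized query are independent layers: the first rejects input that is not the expected type of information, the second keeps whatever does get through from being interpreted as SQL.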
 
Old 04-23-2007, 07:51 AM   #5
AleLinuxBSD
Member
 
Registered: May 2006
Location: Italy
Distribution: Ubuntu, ArchLinux, Debian, SL, OpenBSD
Posts: 272

Original Poster
Rep: Reputation: 37
Do you know some clear examples (or links) of best practices to avoid this problem?

Thanks Alessandro
 
Old 04-23-2007, 05:49 PM   #6
zaichik
Member
 
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419

Rep: Reputation: 30
Well, if the app is done with PHP, J_K9's The Problem With PHP Application Security is a good starting point. Even if it is not PHP, there are still valid points for any language there and at linked sites.
 
Old 04-24-2007, 12:43 AM   #7
AleLinuxBSD
Member
 
Registered: May 2006
Location: Italy
Distribution: Ubuntu, ArchLinux, Debian, SL, OpenBSD
Posts: 272

Original Poster
Rep: Reputation: 37
Thanks a lot!
I don't like PHP for many reasons, but your link is very useful. It's a very good starting point.
I hope to also find something on Java web programming.

Bye Alessandro
 
  


All times are GMT -5. The time now is 11:58 PM.
