Hi guys,

I have a server with multiple websites on it. Currently the websites function with php and I've secured it with fcgi by making each website function with a specific user. However I'm asked to install other languages like perl, ruby and python. I'm afraid users of the websites might abuse these languages to access and manipulate other things on the server as I do not have any experience with them. Are they safe to install? Do I need to do something similar to fcgi to secure them and limit them to specific users for each vhost? I appreciate the help.

Separation of privilege is one of the foundations of UNIX architecture. You did well isolating each website by assigning them their own unprivileged user account. And indeed you should not treat other interpreters differently.

Thanks a lot for the answer. May you point me to tutorials for doing this in for Perl, Ruby and Python? I'm afraid I have absolutely no experience with them and not sure where to begin. I can install them on the server, but not sure how to limit privileges to users as in the case of PHP's suexec and fcgi.

Thanks again, I appreciate it.

"A programming language" ... any programming language ... "is merely a tool." It is merely a different way of asking a digital computer to do something. And, therefore, it is not a source of vulnerability.

The only "source of vulnerability" is: "does the computer, when asked, do it?"

"Security is a process." Furthermore, it is very much a Chess game between two opponents, in which the computer is nothing more than the chessboard.

1 members found this post helpful.