Apache webserver using root account.
Is it a good idea to be hosting a website while being logged in as root?
|
NO!!!!! NEVER!!!!11
Let say you write a buggy cgi script .. and it gets compromised (which happens alot) The hacker (cracker, whatchamacaler) will get root access to your machine.... Make the webserver run as a very very very restricted user. |
So I should create a very restricted user and then edit httpd2.conf to have the homepage in this users directory. Or would it be better to give the user access to the default apache directory?
|
Default directory is good ...
and default user is good ... Just NOT root And make shure that all files being server by the server and readble by the webserver's user. |
Alright thanks ill give it a try!
|
All times are GMT -5. The time now is 01:09 PM. |