let me back up my comments about security with quotes from the suexec and suphp documentation:
The suexec documentation opens by saying:
Quote:
|
it can cause any number of problems and possibly create new holes in your computer's security. If you aren't familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC.
|
So the creators of suExec highly recommend that you not even consider using it if you aren't familiar with managing the security issues of setuid root.
In other words, if you don't know what setuid root means and the dangers involved, you shouldn't even consider using suExec. That from the authors of the program.
suPHP is essentially the same thing as suExec, but slightly more recklessly coded and documented. The suPHP author does however acknowledge:
Quote:
|
a security bug in suPHP probably will allow atackers to run commands with root privileges
|
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids