Re: Security Hardening . . . . . . . (was Re: [tlug] Host Blocking and Logfile Parsing)

[Curt Sampson <cjs@example.com>]

On Sat, 20 Jan 2007, Jim wrote:

> Learn how to write safe shell scripts.
> ...
> As with shell scripts, learn how to write safe PHP code.

This is a terrible approach to security. Rather than asking people to be
perfect, it's better to assume that people will err, and create systems
that either make particular errors impossible, or catch them and deal
with them safely when the occur.

> Sandboxing is good, but sophisticated web apps need to interact enough
> with the rest of the system that big holes in sandboxing would be needed.

Not in my experience. Most of the web applications I've seen need only
to load their code, read data files and talk to a database.

Perhaps you could give me some examples of the "big hols in sandboxing"
you feel would be necessary.

cjs
--
Curt Sampson       <cjs@example.com>        +81 90 7737 2974