Igor Smitran
New Pleskian
httpd setup will not be secure until developers setup chrooted httpd process (per client).
open_basedir is not safe enough. It is easily overriden and an attacker can easily have access to entire disk, including all other hosted sites.
Also, open_basedir will not help when an attacker uses perl/cgi-bin by uploading custom .htaccess file.
I have already discussed with Plesk support about this problem, about a year ago. I am asking you again, please, make httpd process chrooted. If you need any help with this feel free to contact me.
When i was using old plain hosting server i didn't have web interface for clients but my server was 10 times safer.
Please, make this a feature request. I am willing to help you with this process...
open_basedir is not safe enough. It is easily overriden and an attacker can easily have access to entire disk, including all other hosted sites.
Also, open_basedir will not help when an attacker uses perl/cgi-bin by uploading custom .htaccess file.
I have already discussed with Plesk support about this problem, about a year ago. I am asking you again, please, make httpd process chrooted. If you need any help with this feel free to contact me.
When i was using old plain hosting server i didn't have web interface for clients but my server was 10 times safer.
Please, make this a feature request. I am willing to help you with this process...