
What is this "security concept" all about?

schlimpf

Hello,

I am just wondering what kind of security Plesk Panel is trying to reach with things like open_basedir etc.
As an attacker, if I can execute PHP on the server, I can just execute a Perl script which then can read all dirs/files that are readable by Apache from the COMPLETE server. There is, as far as I know, no way to prevent this with only Plesk configuration.
So basically I try to break into some CMS like WordPress, upload a PHP script with it, and then I have a whole lot more possibilities than "just" messing with the httpdocs folder.
This will of course work if Perl is DISABLED for the domain.

Feedback from the Plesk team is greatly appreciated.

If anyone is concerned about his/her security and doesn't know how to fix issues like this, you can contact me via PM.

Best
Mario
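
An added example, not part of the post above and not Plesk's own code: a small audit of php.ini-style settings that flags the situation the post describes, where open_basedir is set but PHP can still start external programs that open_basedir does not constrain. The sample configurations, paths and the names `parse_ini` and `audit` are constructed for illustration.

```python
# PHP functions that start an external process. open_basedir restricts PHP's
# own file functions only, not what a spawned program can read.
PROCESS_FUNCS = {"exec", "system", "passthru", "shell_exec",
                 "popen", "proc_open", "pcntl_exec"}

# Constructed sample settings (not taken from any real server).
SAMPLE_WEAK = """
; constructed sample: basedir set, nothing disabled
open_basedir = /var/www/vhosts/example.com/:/tmp/
disable_functions =
"""
SAMPLE_HARDENED = """
; constructed sample: basedir set, process spawning disabled
open_basedir = /var/www/vhosts/example.com/:/tmp/
disable_functions = exec,system,passthru,shell_exec,popen,proc_open,pcntl_exec
"""

def parse_ini(text):
    """Return the last value seen for each directive in php.ini-style text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, full-line comments and [section] headers.
        if not line or line.startswith(";") or line.startswith("["):
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Report open_basedir and which process-spawning functions stay enabled."""
    s = parse_ini(text)
    disabled = {f.strip().lower()
                for f in s.get("disable_functions", "").split(",") if f.strip()}
    enabled = sorted(PROCESS_FUNCS - disabled)
    basedir = s.get("open_basedir", "")
    return {
        "open_basedir": basedir,
        "spawn_functions_enabled": enabled,
        # True when open_basedir is relied on but a child process can sidestep it.
        "basedir_bypassable": bool(basedir) and bool(enabled),
    }

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg))
```

This checks PHP settings only; what the web server user can read on disk is still decided by file permissions and process isolation.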
 
Last edited:
How about a chrooted environment for the Apache process and/or the PHP FastCGI processes? I think this would be a huge step forward in security and will give Plesk a killer feature that is not available on competitor software like cPanel!
 
Back
Top