
Another thing to do is the webserver should not have any write access to the files it serves.

The files must be created by a different account. For certain setups this can be problematic, but it's a good idea for most.




This completely falls over for popular packages like Joomla, unfortunately, which have miserably bad caching systems and file upload mechanisms and web-based upgrade functions and module installers and the like.
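A check for the rule in the first comment, as an added example that is not part of the thread: it lists every path under a document root that a given account can write to, judged by the mode bits. The function name, the numeric-id interface, and the `www-data` and `/var/www/html` names in the usage comment are assumptions; ACLs are not examined.

```shell
#!/bin/sh
# List every path under a document root that an account can write to,
# judged by owner/group/other mode bits (ACLs are not examined).
#
# usage: writable_by DOCROOT UID [GID...]
#   e.g. writable_by /var/www/html "$(id -u www-data)" $(id -G www-data)
#   (www-data and /var/www/html are assumed names; use your own)
writable_by() {
    docroot=$1
    uid=$2
    shift 2
    gids=$*

    # Owned by the account and owner-writable, or writable by everyone.
    set -- '(' -uid "$uid" -perm -0200 ')' -o -perm -0002

    # Group-writable and owned by one of the account's groups.
    for gid in $gids; do
        set -- "$@" -o '(' -gid "$gid" -perm -0020 ')'
    done

    # Directories are reported too: write access to a directory is enough
    # to replace the files in it. Symlinks are skipped because their own
    # mode bits say nothing about the target.
    find "$docroot" ! -type l '(' "$@" ')' -print
}

# Run directly when called with arguments.
if [ "$#" -ge 2 ]; then
    writable_by "$@"
fi
```

An empty result is the state the first comment asks for; cache and upload directories of the kind the reply mentions are what typically show up in the output.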



