32
edits
Changes
→The problem
</pre>
With PHP you could use open_basedir to prevent this, but there are more ways. Another For example is [http://mgeisler.net/php-shell/ PHP Shell], a script that is [http://mgeisler.net/downloads/phpshell/SECURITY often mis-used] by people with not-so-good intentions. Or think about the [http://www.f-secure.com/v-descs/santy_a.shtml Santy-worm] which mis-used phpBB. Again there is a solution in the form of safe_mode, but lots of PHP scripts break if you enable this. For Python, Perl or CGI-scripts there are no easy ways and you have to use wrappers or other tricks to chroot these. Most users don't want to hear about security (unless you show them how easy it is) and just want there scripts to work. Some do care, but his/her own server is much to expensive. And finally we didn't talk about hidden bugs in almost every security measure we mentioned. A knowledgeable person can almost certain find backdoors because of the vast amount of possibilities these scripting languages offer.
== The solution ==