EasyEngine / easyengine

Command-line control panel for Nginx Server to manage WordPress sites running on Nginx, PHP, MySQL, and Let's Encrypt
https://easyengine.io
MIT License

Security: Introduce protection so that security holes can't harm the whole server #765

Closed DMW007 closed 6 years ago

DMW007 commented 8 years ago

EasyEngine is smart, but seems to forget about caring for user security: no ACLs are configured except using www-data for serving content, and PHP does not use the chroot security feature. This is a big security risk! When you have a vulnerable application, in the worst case an attacker can control the entire server.

Why not at least create a new php-fpm pool for every site and configure them so that PHP is chrooted in the directory of the application? This would help a lot to increase the security. I like EasyEngine, but without caring about security it's not very useful for me. Configuring a default server with PHP is not such a big deal.

But you always need to repeat work like jailing the php-fpm pool in a specific directory or disabling dangerous PHP functions which can harm the system. EasyEngine would be a very great tool if it also automated this work and did some security out of the box. I would be pleased if you could add this in another release.
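The per-site php-fpm pool the post asks for, as an added example (not EasyEngine's own configuration): the shared default pool is shown first, then a pool that runs as a dedicated site user, is chrooted to the site directory and has the process-spawning PHP functions disabled. The site name example.com, the user site-example and the path /var/www/example.com are assumptions.

```ini
; Before (a typical single-pool setup): every site runs as www-data in one
; pool, so code execution in one site reaches every other site's files.
[www]
user = www-data
group = www-data
listen = /run/php/php-fpm.sock
pm = dynamic
pm.max_children = 10

; After (assumed names): one pool per site, with its own unprivileged user.
[example.com]
user = site-example
group = site-example
; Separate socket per site; nginx (www-data) only needs to connect to it.
listen = /run/php/example.com.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Jail PHP to the site's directory; every path PHP sees is relative to this root.
chroot = /var/www/example.com
chdir = /htdocs
; Inside the jail, PHP may only open files under these paths.
php_admin_value[open_basedir] = /htdocs:/tmp
; The "dangerous functions" from the post: anything that spawns an OS process.
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec
php_admin_flag[allow_url_include] = off
; Temp and session paths must exist inside the chroot.
php_admin_value[upload_tmp_dir] = /tmp
php_admin_value[session.save_path] = /tmp/sessions
```

With a chroot in place, nginx's fastcgi_param SCRIPT_FILENAME must name the script relative to the jail (e.g. /htdocs/index.php), and /tmp, the sessions directory and any MySQL socket the site uses must exist inside /var/www/example.com (or the site connects to MySQL over 127.0.0.1 instead).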

ang3lx commented 8 years ago

This has been advised by many people (me too); I can't understand why this thing is in last place for EE devs. We are talking about security :(

Thousands of CMS like WordPress or Joomla (and many other open-source CMS) are hacked every day, and this can cause the possible tampering of other web spaces or of the same server.

dfroberg commented 8 years ago

This is a very good suggestion.

andremacola commented 8 years ago

See #150

wpinfos commented 8 years ago

Should still be top prio :)

LornaU2 commented 8 years ago

This is very important and needs to be completed.

rahul286 commented 6 years ago

Sorry for a delayed reply.

In v4, we will be running every site in its own container. So this is no longer relevant.

If you have any ideas to achieve the above in a containerized setup, feel free to create a new issue with details.