I suggest you ...

← Service Improvement

Add the ability to lock down file write access per application (so one a compromised application cannot affect other)

Applications on the same server currently have write access to each others' files by default, which is an unnecessary security risk. For example, if you have multiple Wordpress applications on the same server and one gets compromised, the hacker could also compromise any other applications on the same server. If possible, it would be worthwhile to at least have the option to lock down file write access on a per application basis. I believe you already have apache running under separate users for each application, so this might be as simple as disabling the www-data group permissions.

3 votes
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Mark McEver shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Service Improvement: Security

Categories

Feedback and Knowledge Base

(thinking…)