I'm sure a lot of you out there have racked your brain when deciding on how to handle server-side scripting language security. It seems to be the dirty little secret that no one discusses publicly, but admins really concerned about security need to start taking measures to prevent hosting clients from getting root on a box.

On different webhosts that I've audited, I've been able to leave home directories, read and write to other users' directories, access parts of the file system that should not be accessible, and edit system configurations. This problem exists with too many webhosts out there. I'd like to start this thread to raise awareness, and to share ideas.

Does anyone here have first-hand experience in securing a webhosting environment? Please share thoughts, ideas or experiences.


--PuRe