6th April 2013
ocicat
Administrator

Quote:
Originally Posted by barti
Is "privilege separation" really a saver or not?
Privilege separation limits the access of the application to only what it needs to execute. Nothing more.
Quote:
a real advantage even against SQL attacks or PHP code problems?
This is a broader problem class which privilege separation by itself does not address, nor can it.
  • Most SQL vulnerabilities stem from incorrectly formed SQL which reveals table information not intended to be made public, or more simply deletes tuple values. This is caused by poor application design & implementation, not privilege separation.
  • PHP coding errors are caused for numerous reasons, but most often through inexperience.
Quote:
If not, then OpenBSD is useless as a web server.
Such wildly inaccurate & unsubstantiated claims really don't help anyone.
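An added example, not part of ocicat's post, illustrating the point above: confinement blocks what the application does not need, while a query assembled from user input still misuses the access the application legitimately has. SQLite's authorizer callback stands in for confinement here as an analogy (it is not OpenBSD privilege separation), and the table, rows and function names are constructed for the illustration.

```python
import sqlite3

def confined_connection():
    """Build a constructed sample database, then confine the handle to reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?)",
        [("release notes", 1), ("pf tuning", 1), ("draft: salary data", 0)],
    )
    conn.commit()

    denied = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
              sqlite3.SQLITE_DELETE, sqlite3.SQLITE_DROP_TABLE}

    def authorizer(action, arg1, arg2, dbname, source):
        # The application only needs to read, so every write is refused.
        return sqlite3.SQLITE_DENY if action in denied else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)
    return conn

def search_concat(conn, term):
    # Flawed: the search term becomes part of the SQL text itself.
    sql = "SELECT title FROM posts WHERE public = 1 AND title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_param(conn, term):
    # Corrected: the term is bound as data and is never parsed as SQL.
    sql = "SELECT title FROM posts WHERE public = 1 AND title LIKE '%' || ? || '%'"
    return [row[0] for row in conn.execute(sql, (term,))]

def write_is_blocked(conn):
    # Confinement does its job for anything outside the application's needs.
    try:
        conn.execute("DELETE FROM posts")
    except sqlite3.DatabaseError:
        return True
    return False

if __name__ == "__main__":
    conn = confined_connection()
    crafted = "%' OR 1=1 --"  # constructed input that alters the WHERE clause
    print("write blocked:      ", write_is_blocked(conn))
    print("normal search:      ", search_concat(conn, "pf"))
    print("concatenated query: ", search_concat(conn, crafted))
    print("parameterized query:", search_param(conn, crafted))
```

The concatenated query returns the non-public row even though the handle cannot write; only the change in how the query is built closes the leak.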