Security - moneymayur/Misc GitHub Wiki

FTP -> Unencrypted Remedy -> SFTP that has encrypted data.

HTTP -> Stuff at Risk -> Session Cookie (suPHP -> allows users to execute who had created it)

                  -> WSGI

httpd, Apache, nobody -> Only account that can be compromised but not the root -> Disadvantage of running through root.

put users and Apache/httpd/nobody in same folder and provide mod g+ r ->read only access to everything