Forum OpenACS Q&A: Response to Bugtraq: Oracle security

Posted by Jens Strupp on
Chroot - is it worth it?

If you run a box that just serves the purpose of running the
Community System an attacker is probably more interested in all the
peoples data - the profiles, the internal addresses, etc. Access to
it is not restricted by the chroot jail. Maybe good file permissions
on file system level offers enough protection.

Chroot or not, the question is how fast the intrusion is found.