Lighttpd can be run quite securely if we invest a little in its security. We can use its built-in methods to run it with the least privilege it needs, and hence with the highest security.
The least we should do is configure Lighttpd so that it will give up root privileges after binding to the needed ports.
If our site is a high-profile site and/or handles monetary transactions or sensitive user information, we should go all the way and put Lighttpd into a chroot environment. In doing so, we need to be very careful not to create any new entry points for attack.
Putting the backend in a separate environment and keeping only a FIFO open to connect the two environments can introduce another considerable barrier for hackers. This way, at least the backend is cleanly cut off from the outside as well as from the static files, so attacks that depend on interaction between the two are thwarted.
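As an added example (not code from the original text or from the Lighttpd project), the following script audits a configuration for the two measures described above, using Lighttpd's `server.username`, `server.groupname` and `server.chroot` directives. It assumes simple global assignments with no includes or conditionals; the sample configurations, the `www-data` account and the `/srv/jail` path are constructed for illustration.

```python
import re

# Simple global assignments only, e.g.  server.username = "www-data"
ASSIGN = re.compile(r'^\s*(server\.(?:username|groupname|chroot))\s*=\s*"([^"]*)"')

def parse_settings(conf_text):
    """Return the last value assigned to each setting of interest."""
    settings = {}
    for line in conf_text.splitlines():
        match = ASSIGN.match(line)  # commented-out lines start with '#' and never match
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit(conf_text):
    """Return (severity, setting, message) findings; an empty list means both measures are set."""
    s = parse_settings(conf_text)
    user, group, chroot = (s.get("server." + k) for k in ("username", "groupname", "chroot"))
    findings = []
    if user in (None, "", "root"):
        findings.append(("high", "server.username", "no unprivileged user: a server started as root keeps root"))
    if group in (None, "", "root"):
        findings.append(("high", "server.groupname", "no unprivileged group is set"))
    if chroot in (None, ""):
        findings.append(("info", "server.chroot", "not set: expected for high-profile or sensitive sites"))
    elif chroot == "/":
        findings.append(("high", "server.chroot", "a chroot to / confines nothing"))
    elif user in (None, "", "root"):
        findings.append(("high", "server.chroot", "chroot without a privilege drop: root can leave the jail"))
    return findings

# Constructed sample configurations (assumptions, not taken from the page).
WEAK = '''
server.port = 80
server.document-root = "/var/www/htdocs"
# server.username = "www-data"
server.chroot = "/srv/jail"
'''
HARDENED = '''
server.port = 80
server.username  = "www-data"
server.groupname = "www-data"
server.chroot    = "/srv/jail"
server.document-root = "/htdocs"   # path as seen from inside the chroot
'''

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "ok")
```

The weak sample shows why the two measures belong together: a chroot is set, but because the privilege drop is commented out, the script reports the jail itself as a finding.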
Finally, a small table of pros and cons for both methods:
| | Changing User / Group | Running in Chroot Environment |
|---|---|---|
| Pro... |