> I had the same problem. My friend hosted with indialinks or some
> other Co in
> Goregoun/ Malad I think, and i bought that to their notice. But that guy
> simply
> ignored me.
Yep Sounds like Bhavin Chandrana to me........... Ignore all problems ...
they will go away!
abt the problem: have you tried to keep the passwd in a text file (chmod
600) .. then get your php script to read the text file; (btw for this to
work you have to mail the server admin (bhavin) and ask him to chown
nobody:nobody filename.txt for you.
Ofcourse it will be rather irritating to modify this file......
The real solution is something called virtual root; Man chroot to read all
about it...
No lowcost webhoster in the world provides this facility though.
There's yet another solution that I had explored... you have to write a
wrapper that will execute httpd with the pid of the user; INETD can control
both these ops; The problem with this approach is cost! in terms of speed.
The avg. sever has some 350 domains per p-166. It's not nice to have a
process per pid!!
Vishal
I used to be the sysadmin of a co that's been taken over by IndiaLinks.
[Ngenie.com]
> -----Original Message-----
> From: Shahed Ali [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 8:49 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ILUG-BOM] security help :PHP +MySQL
>
>
> I had the same problem. My friend hosted with indialinks or some
> other Co in
> Goregoun/ Malad I think, and i bought that to their notice. But that guy
> simply
> ignored me. As far as i know, you need to have a didicated server for your
> work.
> I dont know of any other way, except ofcourse, you enter the password as
> part
> of a http POST. But then all your end users will also have to know the
> passwd.
>
> This is an interesting topic.
> -----Original Message-----
> From: ranjeet walunj <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, December 08, 1999 7:54 AM
> Subject: [ILUG-BOM] security help :PHP +MySQL
>
>
> >hi guys
> >is there ne programmer in php+mysql ?
> >bcuz in php we get connected to mysqld with the strings like
> ><?
> >$hostname="urhostname";
> >$username="username";
> >$passwd="urpasswd";
> >
> >MYSQL_CONNECT($hostname,$username,$passwd);
> >?>
> >
> >now my problem is this .php3/.phtml file is world readable
> >evn if the directory in which it is placed is not having r/w access on
> >webserver
> >but ne 1 who is having telnet access (in case of webserver the other guys
> >who r hosting on the same server)
> >can copy the file without getting ne problem...thus he can get the
> database
> >passwd (which is very critical)
> >i've tried that n i could successfully get passwd for many
> sites(i mean the
> >DB passwd) on my server which r running php scripts
> >
> >will ne 1 working on securing weserver help me out plz....
> >or is there ne diff way of defining username+passwd in php script?
> >can external exec file EXPORT these variables ?how to get them in php
> script
> >working?
> >expecting a reply from u guys
> >ranjeet
> >
> >______________________________________________
> >FREE Personalized Email at Mail.com
> >Sign up at http://www.mail.com?sr=mc.mk.mcm.tag001
> >
> >To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the
> mailing list button and fill the appropriate information
> >and submit. For any other queries contact the ML maintener
> >
> >
>
> To subscribe / unsubscribe goto the site www.ilug-bom.org .,
> click on the mailing list button and fill the appropriate information
> and submit. For any other queries contact the ML maintener
>
>
To subscribe / unsubscribe goto the site www.ilug-bom.org ., click on the mailing list
button and fill the appropriate information
and submit. For any other queries contact the ML maintener
