I would suggest simple post an url with the path against
whatever version and people feeling attracted will contact
you (even I might take a peek ;-)
- Markus
On Wed, Apr 03, 2002 at 11:50:36AM +0200, Chand wrote :
> hi everyone,
>
> I'm working on a hosting platform with a large number of users, and we need
> to ensure safety for our users considering the mysql Connection. Using a
> password is not good enough cause if someone succeeds in getting the source
> code of someone, he will get the password and then will be able to do
> anything from his account. Thus, i've been working on a patch that would
> allow me to enforce a mysql user login based on the script filename path.
> (in example /home/chand/mysql.php enforces the login as 'chand').
>
> I'd already done this patch on 4.0.4pl1 2 years ago and it worked. For our
> new Hosting Platform, we've decided to go up to 4.1.0, and i can't seem to
> make it work correctly. I randomly (looks like it's random), get Internal
> Server Errors from the Mysql connection functions. My patch is most
> certainly the cause of that. Using gdb, what seems to be the problem is a
> lack of memory being available or allowed by the system thus a crash. I
> really don't understand how this could be possible considering my patch
> looks good to me.
>
> I was wondering if anyone had any idea about such a problem. Basically what
> i do is get the PATH_TRANSLATED variable from the sapi_globals and use
> strsep to get the login name to enforce it as the Mysql User. Before i used
> strtok which actually was a bad idea since it's a completely broken
> function, now obsolete. strsep helped me get the ratio of ISE (Internal
> Server Errors) down to 1% of the pages correctly served. It's still not
> good for me. We need a fully working php.
>
> I can put up the patch here to see if you guys can see what i'm doing
> wrong. I've been working on this for a long time now looking at a lot of
> different things from application to system. Nothing i've tried seems to be
> working and my C code looks all right to me, but there might be some
> inconsistency with some inner way of dealing memory in php.
>
> I'd really appreciate any help on this, on this list or on a private basis.
> Thanks a lot for any insight.
>
> Later
> Chand
>
> --
>
> Mark Villemade
> Hosting Services Technical Manager
> Lycos Europe
> +33 1 53 27 24 05
>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
"Mind if I MFH ?" "What QA did you do on it?" "the usual?" "ah... none :)"
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
