I'm not sure about FreeBSD but on Redhat, the /etc/passwd 'IS' meant to be world readable. But fortunately it's only stores usernames and Real names and etc.. whereas /etc/shadow is only root readable and it's the file that stores user's passwords.
I think that's pretty secure. Why are you parsing through /etc/passwd anyway? Anyway, I might have gotten your question wrongly or something. I still need to figure out how to "JAIL" apache or 'ensure that you put files like /etc/passwd OUTSIDE your web root.' That;s something which I've not know how to do YET. Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -----Original Message----- From: Daniel J. Rychlik [mailto:[EMAIL PROTECTED] Sent: Friday, July 11, 2003 1:46 AM To: Marek Kilimajer; Mantas Kriauciunas Cc: [EMAIL PROTECTED] Subject: Re: [PHP] download php You should also store passwords in a non-readable to the world directory. -Dan ----- Original Message ----- From: "Marek Kilimajer" <[EMAIL PROTECTED]> To: "Mantas Kriauciunas" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, July 10, 2003 5:01 AM Subject: Re: [PHP] download php > Do you use secure connection? Well, you should. > > Mantas Kriauciunas wrote: > > > Hello php-general, > > > > some hacker just tries his luck everyday to get me pissed, is it > > possible to make php files not downloadable? or coded? or something? > > because some dude knows my passwords every time, and with them > > passes the shity security to main user, thank god not root. > > > > So is there any way? > > > > if anyone knows any links or resources, please reply, i'll check > > them, i need to put this to end > > > > P.S system is freebsd. > > > > Thank you!!! > > > > there are even more and more kids that want to be named haker, > > lookin at their age, could be even my son:) > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php