Gerben wrote:
I think he is talking about the password that is written inside the script in the mysql_connect statement. I think he is worried that someone could access it's code and find out the DB password.
What I am concerned about is a local user on the server machine, not access through the web server. It sounds like it can be done if there is a separate user or group for the web server process, but this site specific. It would be difficult to distribute a program and use a generalized install routine to install the file containing the passwords to be edited by the site admin.
-Bob
The only way I know to achieve this is to install apache with the suexec option. This has no effect on mod_php but does on the cgi version. So then install the cgi version of php. A virtual host can run with the effective uid and gid of the account holder (user). Scripts can then be installed in the cgi-bin, owned by that user with permissions 0700. No other user can see them yet apache will be able to execute them. The database password can be in your script or in an include file with these permissions.
If you want to distribute a program, there are obvious problems - apache is not always installed suexec and the cgi version of php is rarely installed (it doesn't conflict in any way with mod_php, though. You can have both).
Bear in mind that this issue affects every distributed php application, including horde, php groupware and so on. Most shared servers run a form of ftp that chroots users into their home directories, and this helps. The main thing is to keep the file with the password out of the webspace (an include path can be anywhere), or make an apache configuration file part of your distribution, to be included in httpd.conf (viz horde), that restricts access to a directory that is intended for configuration files.
Peter.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
