Hi,
What do you think about the following configuration:
1) safe-mode on: this ensures that a php script can read only files that
are owned by the same Unix user on the machine; then just check that people
who have the right to use php and mysql on your box all have a different
corresponding Unix user.
2) open-basedir: set this parameter for each "php directory" to this
directory; then the scripts cannot access files that are elsewhere on the
server.

In Apache httpd.conf it would be like:
<Directory /path-to-a-php-directory>
    AddType application/x-httpd-php .php .php4
    AddType application/x-httpd-php-source .phps
    php_admin_value open_basedir '/path-to-a-php-directory'
</Directory>

Has someone tested it? Do you see a problem in it?

            Estelle



"Andrzej Swedrzynski" <[EMAIL PROTECTED]> wrote in message news:
[EMAIL PROTECTED]
Hello!

Recently someone asked how to ensure that no one will read password
from php file. The only response I noticed was to create group and add
apache user (often nobody) to that group. I considered this and I can not
see what would stop other users from writing php script (run also as
nobody) which reads filesystem with permissions of apache?

Is there a method of making php as module really secure?

Regards,

Andrzej

--
http://kokosz.horyzont.net
http://www.earthdawn.pl


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
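
An added example, not part of the original thread: a small audit of the per-directory open_basedir layout proposed above. It assumes, as the PHP manual describes for releases of this period, that open_basedir is compared as a string prefix, so a value without a trailing slash also matches sibling paths that begin with the same characters. The sample configuration and finding names are constructed for illustration.

```python
import re

# Constructed httpd.conf fragment; the first block is the one from the post,
# the other paths are placeholders invented for this example.
SAMPLE_CONF = """
<Directory /path-to-a-php-directory>
    AddType application/x-httpd-php .php .php4
    php_admin_value open_basedir '/path-to-a-php-directory'
</Directory>
<Directory /home/bob/www>
    AddType application/x-httpd-php .php
    php_admin_value open_basedir "/home/bob/www/"
</Directory>
<Directory /home/carol/www>
    AddType application/x-httpd-php .php
</Directory>
<Directory /home/dave/www>
    AddType application/x-httpd-php .php
    php_admin_value open_basedir /home/
</Directory>
"""

DIR_BLOCK = re.compile(r"<Directory\s+(\S+?)\s*>(.*?)</Directory>", re.S | re.I)
BASEDIR = re.compile(r"^\s*php_admin_value\s+open_basedir\s+(\S+)\s*$", re.M | re.I)
PHP_ON = re.compile(r"application/x-httpd-php\s", re.I)


def audit(conf):
    """Return {directory: [finding, ...]} for each PHP-enabled <Directory>."""
    report = {}
    for directory, body in DIR_BLOCK.findall(conf):
        if not PHP_ON.search(body):
            continue  # PHP is not enabled in this block
        directory = directory.strip("\"'")
        findings = report.setdefault(directory, [])
        match = BASEDIR.search(body)
        if match is None:
            findings.append("missing")  # no per-directory restriction at all
            continue
        for path in match.group(1).strip("\"'").split(":"):
            if not path.endswith("/"):
                # Prefix comparison: "/a/www" also matches "/a/www-other".
                findings.append("no-trailing-slash")
            if not (path.rstrip("/") + "/").startswith(directory.rstrip("/") + "/"):
                findings.append("outside-directory")
    return report


if __name__ == "__main__":
    for directory, findings in audit(SAMPLE_CONF).items():
        print(directory, findings or "ok")
```

The block copied from the post is reported as no-trailing-slash; writing the value as '/path-to-a-php-directory/' limits it to that directory.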



