On Wednesday 24 October 2001 08:19, you wrote:
> Well, php runs the same as apache, so whatever apache can access,
> php can access.
> So any files with the db passwords that need to be accessed by php,
> can be seen by all users who can upload php scripts to your server.
That's not completely true. You can use open_basedir, safe_mode
settings in apache's configuration, based on virtualhosts or even
directories. This way you can restrict users, virtual hosts to their
own directories.
Arpi
> > Hello all,
> >
> > I am just configuring up a new web server, and I want to be able
> > to run php only in the web servers main document root and in
> > specified virtual hosts, I have a fair understanding on how to go
> > about this, but would really like some feedback before I get to
> > far into it. Basically the only directories I don't want to be
> > able to use php are all the user directories (/~username) unless
> > they have been mapped to a virtual host that has the right
> > directives in them to enable php.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
