On Wednesday 24 October 2001 08:19, you wrote: > Well, php runs the same as apache, so whatever apache can access, > php can access. > So any files with the db passwords that need to be accessed by php, > can be seen by all users who can upload php scripts to your server. That's not completely true. You can use open_basedir, safe_mode settings in apache's configuration, based on virtualhosts or even directories. This way you can restrict users, virtual hosts to their own directories. Arpi
> > Hello all, > > > > I am just configuring up a new web server, and I want to be able > > to run php only in the web servers main document root and in > > specified virtual hosts, I have a fair understanding on how to go > > about this, but would really like some feedback before I get to > > far into it. Basically the only directories I don't want to be > > able to use php are all the user directories (/~username) unless > > they have been mapped to a virtual host that has the right > > directives in them to enable php. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]