>Ok, I'm over it. Now...
>Does anyone know how to set up MySQL, or phpMyAdmin to restrict users to a
>single database? For instance, the user JoeBlow...
>Joe has a database called JB, I want him to have full access to it and
>nothing else. How would I go about doing this? I'd also like him to have
>access to it via PHP, so he can write his own PHP script that'll let him
>manipulate his database. I just need to lock him out of averything else.
This is a MySQL question, and it looks like you haven't even read the install notes.
>And also...
>How do I go about securing PHP functions. For example, at the moment Joe
>can upload a PHP script that deletes /etc/named.conf. NOT GOOD!
>Is there some options you can parse to PHP at compile tim that will
>deactivate these features, or maybe some other way I can give users full
>access to all of the PHP functions, but they're restricted to their home
>dir.
You can set the open_basedir option in php.ini (look that up),
you may be able to set this in a smart way through apache config somehow
to get it to reflect the requested website's directory.
Also you could try and 'chroot' Apache to make sure it never touches system files.
Do some research!
bvr.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
