[PHP] Permissions set on php script question

2008-05-12 Thread David Jourard

Hi,

I'm very new to php.

One thing I noticed: in order to run the php program (on a linux server) I need to set the read permission for Other.

In this program I'll have the MySQL credentials defined.

Are there any security concerns when the read permission is set like this? Wouldn't it be better if the permission was set for user only and the php engine could run the program as user, like one can do for cgi using suEXEC?

Couldn't one write a program to remotely read the contents of the file?

Thank-you
David J.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Permissions set on php script question

2008-05-12 Thread David Jourard

Bojan Tesanovic wrote:
Heh, you are really new to Linux.

Permissions on Linux are set on a per user/group/other basis,

so for most secure, set permissions to read only for web-server user, so

chown 'webserveruser' file.php

chmod 400 file.php

Make sure you have root access at server so you can change that file,

or make a group for web-server as your group and set read permissions on group level:

chmod 440 file.php


Thank-you

But most web sites are virtually hosted and do not have root access to set this up.

Most people just take the package and install with default masks.

So again I ask:

Are there any security concerns when the read permission is set on other? I.e., couldn't one write a program to remotely read the contents of the file?

Wouldn't it be better if the read permission was set for user only and the php engine could run the program as user, like one can do for cgi using suEXEC?

Again thanks

David J.
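
The audit and the group-level fix discussed in this thread, as an added shell example that is not part of any poster's message: it lists PHP files whose mode grants read to other and resets them to 440 without needing root. `WEB_GROUP` and the function names are assumptions; the group must contain both the file owner and the web server user, which depends on the host's setup.

```shell
#!/bin/sh
# Added example, not from the thread. WEB_GROUP is a placeholder for a
# group that contains both your account and the web server user.

# Print every *.php file under $1 whose mode has the other-read bit (004).
list_other_readable_php() {
    find "$1" -type f -name '*.php' -perm -004 -print
}

# Number of such files under $1.
count_other_readable_php() {
    list_other_readable_php "$1" | wc -l | tr -d ' '
}

# Apply the group-level layout from the reply: optional chgrp to $2, then
# mode 440 (owner and group may read, other gets nothing). No root needed
# when you own the files and belong to the target group.
tighten_php() {
    dir=$1
    group=${2:-}
    if [ -n "$group" ]; then
        find "$dir" -type f -name '*.php' -perm -004 -exec chgrp "$group" {} +
    fi
    find "$dir" -type f -name '*.php' -perm -004 -exec chmod 440 {} +
}

# Demo on a constructed directory: one world-readable config, one already
# restricted file, and one non-PHP file that the audit ignores.
demo() {
    root=$(mktemp -d) || return 1
    printf '<?php $db_pass = "constructed-sample"; ?>\n' > "$root/config.php"
    printf '<?php echo "hi"; ?>\n' > "$root/private.php"
    printf 'notes\n' > "$root/readme.txt"
    chmod 644 "$root/config.php" "$root/readme.txt"
    chmod 400 "$root/private.php"

    echo "before: $(count_other_readable_php "$root") PHP file(s) readable by other"
    list_other_readable_php "$root"
    tighten_php "$root" "${WEB_GROUP:-$(id -g)}"
    echo "after:  $(count_other_readable_php "$root") PHP file(s) readable by other"
    rm -rf "$root"
}

demo
```

File modes only control access by other local accounts on the same host; a PHP file served through the web server is executed rather than sent as source, whatever its mode.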



[PHP] How to get a code review?

2008-04-03 Thread David Jourard

Hi,

I'm a perl programmer and I've written a registration/login program in Perl.

I've just finished writing a small program in php to check the login cookie created by my perl program for any php html page.

Can anyone direct me to a list or forum where one can get a code review of the php by other experienced php programmers?

Thanks
David J.




Re: [PHP] How to get a code review?

2008-04-03 Thread David Jourard


Nathan Nobbe wrote:


how much code is there ?

-nathan

200 lines

Robert Cummings wrote:

You could provide links to the source code and post the links here.
Pastebin is often used... http://www.pastebin.com

Thanks

http://pastebin.com/m6c8cb17c

Daniel Brown wrote:

By code review, what exactly do you mean?  A look-over to see if
it's safe/secure?

Really, that would be the job of the individual programmer. 

I work alone and this is basically my first program.

I'm interested in feedback as to:

a. Am I using the variables correctly wrt global and local and passing by reference etc.?
b. Did I use the correct functions or are there better ones?
c. Security - of course.
d. Any suggestions on improving overall style.
e. Is it ok to put the include file in the cgi-bin with my perl scripts?

For many of you this is basic stuff probably, but I want to make sure I'm getting it right.


Note the login cookie is created by my perl script and the php program 
simply has to check that the user is logged in.


Thanks
David J.









Re: [PHP] How to get a code review?

2008-04-03 Thread David Jourard

Nathan Nobbe wrote:
On Thu, Apr 3, 2008 at 10:09 AM, David Jourard [EMAIL PROTECTED] wrote:

Can anyone direct me to a list or forum where one can get a code review of the php by other experienced php programmers.



how much code is there ?

-nathan

I posted it at

http://pastebin.com/m6c8cb17c

Thank-you

David J.