Re: [PHP] In a shared environment...
> Relative newbie here, and I am just coming to grips with something that I > think is a very bad thing... Please tell me I am wrong. > > When using PHP, it is the Apache user that actually performs things, and > therefore needs permissions. For example, if I want to write data to a file, > I have to chmod o+w the directory it's in to get that to happen. > > The trouble with this, is a shared environment, doesn't this give anyone who > can use PHP on your system the ability to write over any other user's file > if they know the name of it? Am I missing something fundamental here? > > Any help would be appreciated! > > Bill Yep, that's the problem. Running in safe_mode will protect some of those things, along with other settings like include_path, etc. Best protection is to get a dedicated server, though, so you're the only one on it. They really aren't that expensive anymore. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] In a shared environment...
Dear Bill Leonard, Once you wrote about "[PHP] In a shared environment...": > Relative newbie here, and I am just coming to grips with something that I > think is a very bad thing... Please tell me I am wrong. > > When using PHP, it is the Apache user that actually performs things, and > therefore needs permissions. For example, if I want to write data to a file, > I have to chmod o+w the directory it's in to get that to happen. You can use PHP not only in combination with web server (like Apache), but also as a standalone compiler/interpreter (/usr/bin/php). > The trouble with this, is a shared environment, doesn't this give anyone who > can use PHP on your system the ability to write over any other user's file > if they know the name of it? Am I missing something fundamental here? If you are using PHP as a standalone tool there is no problem with this. On the other hand, if you do web development, then you do not usually write to files. You use database. If there is something you absolutely HAVE to write to file, then you can use /tmp directory for that purposes. -- Best regards, Leonid Mamtchenkov, RHCE System Administrator Francoudi & Stephanou Ltd. BOFH: It's stuck in the Web. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] In a shared environment...
Hi all, Relative newbie here, and I am just coming to grips with something that I think is a very bad thing... Please tell me I am wrong. When using PHP, it is the Apache user that actually performs things, and therefore needs permissions. For example, if I want to write data to a file, I have to chmod o+w the directory it's in to get that to happen. The trouble with this, is a shared environment, doesn't this give anyone who can use PHP on your system the ability to write over any other user's file if they know the name of it? Am I missing something fundamental here? Any help would be appreciated! Bill -- Bill Leonard [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php