Re: [PHP] Enabling php in only certain hosts and directories
Well, php runs the same as apache, so whatever apache can access, php can access. So any files with the db passwords that need to be accessed by php, can be seen by all users who can upload php scripts to your server. In the case of virtual hosting. So trust people you give access, even limited, to your machine. On Wednesday 24 October 2001 02:42 am, you wrote: Hello all, I am just configuring up a new web server, and I want to be able to run php only in the web servers main document root and in specified virtual hosts, I have a fair understanding on how to go about this, but would really like some feedback before I get to far into it. Basically the only directories I don't want to be able to use php are all the user directories (/~username) unless they have been mapped to a virtual host that has the right directives in them to enable php. BTW: Running Apache/1.3.22, PHP/4.0.6, RedHat 6.2 Any feedback would be greatly appreciated, Regards, Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Enabling php in only certain hosts and directories
On Wednesday 24 October 2001 08:19, you wrote: Well, php runs the same as apache, so whatever apache can access, php can access. So any files with the db passwords that need to be accessed by php, can be seen by all users who can upload php scripts to your server. That's not completely true. You can use open_basedir, safe_mode settings in apache's configuration, based on virtualhosts or even directories. This way you can restrict users, virtual hosts to their own directories. Arpi Hello all, I am just configuring up a new web server, and I want to be able to run php only in the web servers main document root and in specified virtual hosts, I have a fair understanding on how to go about this, but would really like some feedback before I get to far into it. Basically the only directories I don't want to be able to use php are all the user directories (/~username) unless they have been mapped to a virtual host that has the right directives in them to enable php. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Enabling php in only certain hosts and directories
Thanks! What would people reccommend? 1) just using safe mode 2) using open_basedir and disable_functions 3) all of the above? 4) Just shutoff the server :) If (2) or (3) what functions are most at risk? I understand that safe_mode limits quite a few already. Regards, Joseph -Original Message- From: Tamas Arpad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 24 October 2001 11:01 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Enabling php in only certain hosts and directories On Wednesday 24 October 2001 08:19, you wrote: Well, php runs the same as apache, so whatever apache can access, php can access. So any files with the db passwords that need to be accessed by php, can be seen by all users who can upload php scripts to your server. That's not completely true. You can use open_basedir, safe_mode settings in apache's configuration, based on virtualhosts or even directories. This way you can restrict users, virtual hosts to their own directories. Arpi Hello all, I am just configuring up a new web server, and I want to be able to run php only in the web servers main document root and in specified virtual hosts, I have a fair understanding on how to go about this, but would really like some feedback before I get to far into it. Basically the only directories I don't want to be able to use php are all the user directories (/~username) unless they have been mapped to a virtual host that has the right directives in them to enable php. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
