On Mon, 30 Jun 2003, Peter Janett wrote:
This issue seems to be a huge issue, and I've been looking for a good
solution for quite a long time. My concern is that a shell emulating PHP or
Perl script run as Apache can read or copy ANY PHP script used with PHP as
an Apache module.
The reason I
On Mon, 7 Jul 2003 21:01:40 +0100 (BST), Graham Rule wrote:
The only place that they are
available is to PHP scripts run in the relevant directory.
Which means that if a hacker finds a cross script hack in one of those
directories (i.e., if you have a security hole in one of your PHP
scripts),
That's where this thread started...
--- Wendell Brown [EMAIL PROTECTED] wrote:
On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
My concern is that a shell emulating PHP or
Perl script run as Apache can read or copy ANY PHP script used
with PHP as
an Apache module.
It seems to me
]
(303)828-9882
-Original Message-
From: Derick Rethans [mailto:[EMAIL PROTECTED]
Sent: Monday, June 30, 2003 2:59 PM
To: Wendell Brown
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP] web site security: how to hide login info for
mysql-connection
On Mon, 30 Jun 2003, Wendell
PROTECTED]
Sent: Sunday, June 29, 2003 4:33 PM
Subject: Re: [PHP] web site security: how to hide login info for
mysql-connection
Be aware that wherever you store the settings folder, your
php.ini
should
have that path in its include_directories setting, and the
webserver
must
Ganswijk; [EMAIL PROTECTED]
Subject: Re: [PHP] web site security: how to hide login info for
mysql-connection
How do you handle storing the login info then? Do you encrypt the
file and decrypt it on the fly? Where would you store the key? I'm in
the process of setting up a new application
On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
<Directory /var/www/html/mydatabase>
php_value mysql.default_user fred
php_value mysql.default_password secret
php_value mysql.default_host server.example.com
</Directory>
H what about phpinfo()? It shows those settings in the
<Directory /var/www/html/mydatabase>
php_value mysql.default_user fred
php_value mysql.default_password secret
php_value mysql.default_host server.example.com
</Directory>
H what about phpinfo()? It shows those settings in the clear.
solution: don't leave stray phpinfo's on a
On Mon, 30 Jun 2003, Wendell Brown wrote:
On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
<Directory /var/www/html/mydatabase>
php_value mysql.default_user fred
php_value mysql.default_password secret
php_value mysql.default_host server.example.com
</Directory>
H
On Mon, 30 Jun 2003 13:50:21 -0600, Peter Janett wrote:
My concern is that a shell emulating PHP or
Perl script run as Apache can read or copy ANY PHP script used with PHP as
an Apache module.
It seems to me like the safest way to handle this would be to create a
function that opens the database
Be aware that wherever you store the settings folder, your php.ini should
have that path in its include_directories setting, and the webserver
must
have read permissions for that file.
I don't have access to php.ini on my ISP's web server. Is there a way for
a user to make their own set ow
).:. /your/path/here/);
then include/require as normal
-- frank
- Original Message -
From: anders thoresson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 29, 2003 4:33 PM
Subject: Re: [PHP] web site security: how to hide login info for
mysql-connection
Be aware that wherever you
these files have to be readable by Apache
and therefore other users on the system can often
also read them.
Greetings,
Jaap
- Original Message -
From: anders thoresson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 29, 2003 4:33 PM
Subject: Re: [PHP] web site security: how to hide