From: david at acz dot org
Operating system:
PHP version: Irrelevant
PHP Bug Type: Documentation problem
Bug description: Suggestion for improving Database Security chapter

Description:
------------
It would be helpful for the Database Security chapter to discuss security in a shared hosting environment. Under a typical Apache / mod_php setup where PHP scripts all run as the Apache user, any user can read any other user's PHP scripts and thus capture any database authentication information. It may be possible to mitigate this with safe mode, but not if the server allows running other types of CGIs.

--
Edit bug report at http://bugs.php.net/?id=37000&edit=1