RE: [PHP] PHP/Apache security question From: ..s.c.o.t.t.. (scott <email protected>)
Date: 07/07/01

of course that's possible... it's not default, but it's very possible

i think it's an apache module called suEXEC
that will run the script with the script owner's name.group,
not apache.apache

> -----Original Message-----
> From: lists <email protected>
> Subject: [PHP] PHP/Apache security question
>
> Is there anything anyone can do about this? of course it would be ideal if
> php would inherit uid/gid from the script file instead of the server
> ownership but I think there is no way to accomplish this, so this is why
> I am clueless.
>
> Oh, one more thingie: I have this CGI script here:
>
> #!/usr/bin/php
> <html><head>.....
> etc etc
> ----------------
>
> I try to access it and the "security warning!" page appears. The
> documentation sais that it's ok to use such CGI scripts, and warns the
> user about the security threat of using the php binary as a CGI. Obviously
> I am not using the php binary as a CGI, rather I am creating a CGI script
> that's interpreted using the php binary, so what seems to be the problem
> here?
>
> Thx a lot,
> georgeb
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>