 |
 |
 |
 |
|
|
Date: 12/02/00
- Next message: Christian Thiele: "[phplib] PHPlib error"
- Previous message: vimcat: "Re: [phplib] includes using .htaccess file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi there
We have completed the first (alpha) version of a new PHP extension called
scripthash and would like some feedback, particularly from those with knowledge
of Unix security. Here is the first paragraph from the README:
****************************
During module initialisation a shared memory segment is created and
initialised with a randomly generated secret. This segment remains attached
across the subsequent forks which create the Apache children and thus the
children have access to the secret. The module implements a single function
scripthash() which when called returns an MD5 hash of the secret and various
attributes of the call. This hash can be used by external programs (scripthash
"clients") to securely return privileged information to the caller.
***************************
Based on this extension, we have implemented:
1. a server to supply MySQL passwords, thus avoiding the need to hard code
them into scripts. This should be of particular interest to those who use
phplib and don't want to put passwords into their local.inc's.
2. suexec-type functionality for scripts running under mod_php4.
The full README and tarball is available at http://www.scl.co.uk/scripthash
***************************************************
John Sutton
SCL Computer Services
URL http://www.scl.co.uk/
Tel. +44 (0) 1239 621021
***************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>
- Next message: Christian Thiele: "[phplib] PHPlib error"
- Previous message: vimcat: "Re: [phplib] includes using .htaccess file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]