Join Up! 104886 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI In Case You Missed It...The Week of September 12, 2005 An introduction to the ADOdb class library, Part 2 Using PHP and MySQL with Flash Revisited: Build Dynamic Pages With Search Engines in Mind Building a Multilingual PHP Website

php-general | 2001122

From: scott (lists <email protected>)
Date: 12/19/01

• Next message: Kancha .: "Re: [PHP] telneting sockets help.."
• Previous message: GaM3R: "[PHP] is_reference?"
• In reply to: Michael Geier: "Re: [PHP] Access rights for php files on Linux?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For a little bit more security, you could find out what user
apache is running as (look in httpd.conf), and chown the
file to that user:group and set permissions 400.
(So that only the apache process can read the file)

However, this is not very secure, becuase a CGI script
could still read your file. (Any file that is readable by
the webserver is, in essence, readable by any script being
executed by that webserver - which, to say the least, can
be a rather large security problem)

> -----Original Message-----
> From: Michael Geier [mailto:mgeier <email protected>]
> Subject: Re: [PHP] Access rights for php files on Linux?
>
> Use include files to pass your authentication information.
>
> <?
> include('auth.php');
> ?>
>
> auth.php:
> <?
> $username="foo";
> $password="bar";
> ?>
>
> put auth.php in your home directory with you as owner and apache group id
> as group, or create a group that contains you and apache user (probably
> 'nobody').
>
> $> chmod 740 /your/home/dir/auth.php
>
> On Wed, 19 Dec 2001, Daniel Fassnauer wrote:
>
> > Well, I have encounterd a problem which is quite big (for me), so I hope
> > I find help here.
> > My setup is a Linux Machine, running Apache with php as a module.
> > In order for the webserver to parse the file, i have to give read
> > permission to world.
> > This is a problem, because about 100 people have shell access and could
> > then just cat /www/myphpfile.php, and would thus get passwords which i
> > dont want to share (like mysql password in the phpmyadmin config file)
> > and general access to my code. Also, the different users on the machine
> > want to be able to host php files with everyone else being able to read
> > them. Is there any way i can actually do that?
> > I must say that i am rather new to all this stuff, so i am really
> > confused as what to do, and i would appreciate any help..
> > Thanks in advance...
> >
> > Daniel

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Kancha .: "Re: [PHP] telneting sockets help.."
• Previous message: GaM3R: "[PHP] is_reference?"
• In reply to: Michael Geier: "Re: [PHP] Access rights for php files on Linux?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs