php3-list | 199901
Date: 01/15/99
- Next message: Rasmus Lerdorf: "Re: [PHP3] FW: *PHP3 -> MSSQL"
- Previous message: mev0003 <email protected>: "[PHP3] Beyond Apache module, what to install"
- In reply to: Tommy Williams: "Re: [PHP3] PHP Security"
- Next in thread: Richard Lynch: "Re: [PHP3] PHP Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
True, in my case, none of the users on my machine are smart enough to figure that
out :)
Tommy Williams wrote:
> On Thursday, January 14, 1999, 7:26 PM -0600 Chad Cunningham
> <ccunning <email protected>> wrote:
>
> > The best way to handle it if you just have one person that you're worried
> > about protecting is to create a group with just you and the user that the
> > web server runs as in it. Then just chmod 770 all your files. The files
> > are parsed before being sent to the client, so people on the net won't be
> > able to get at it. And, you're never safe from a good hacker :)
>
> But that still doesn't protect you from other people writing PHP on the
> same machine. When their PHP code runs, it will be as the same user as the
> Web server. So, if they can figure out where your file is (they can get the
> include path from phpinfo() ), they can write a simple script to read it
> and output it to their browser.
>
> You can run the CGI in safe mode and get some protection, but the only true
> way to fix it is to run a different set of httpd processes with different
> access rights for every user with PHP access. With the way shared memory
> works on modern machines, it actually shouldn't be a big hit on the server.
>
> --
> Tommy Williams
> <mailto:Tommy.Williams <email protected>>
> <URL:http://www.mc.Vanderbilt.Edu/~tommy/>
>
> --
> PHP 3 Mailing List http://www.php.net/
> To unsubscribe send an empty message to php3-unsubscribe <email protected>
> To subscribe to the digest list: php3-digest-subscribe <email protected>
> For help: php3-help <email protected> Archive: http://www.php.net/mailsearch.php3
> List administrator: zeev <email protected>
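The permission argument in this thread, as an added example that is not part of the original messages: a small Python model of the Unix owner/group/other read check applied to the `chmod 770` shared-group layout. All uids, gids and names are constructed assumptions. It compares a shared web server user with one httpd identity per user.

```python
"""Constructed model of the Unix read check for the chmod 770 setup in this thread."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class File:
    mode: int
    uid: int
    gid: int

def can_read(proc: Proc, f: File) -> bool:
    """Class selection: owner, else group, else other; the first match decides."""
    if proc.uid == 0:
        return True
    if proc.uid == f.uid:
        return bool(f.mode & 0o400)
    if f.gid in proc.gids:
        return bool(f.mode & 0o040)
    return bool(f.mode & 0o004)

# Constructed accounts (assumptions): file owner, another local user, httpd user.
OWNER, OTHER, HTTPD = 1001, 1002, 48
USERS_GID, SHARED_GID = 100, 2000  # SHARED_GID contains only OWNER and HTTPD

# The protected include file: chmod 770, group set to the shared group.
secret = File(mode=0o770, uid=OWNER, gid=SHARED_GID)

def effective_proc(script_author: int, per_user_httpd: bool) -> Proc:
    """Identity a PHP script runs under, depending on the server layout."""
    if per_user_httpd:
        return Proc(script_author, frozenset({USERS_GID}))
    # Shared server: every user's script runs as the httpd user.
    return Proc(HTTPD, frozenset({SHARED_GID}))

def exposure() -> dict:
    return {
        "other_user_shell": can_read(Proc(OTHER, frozenset({USERS_GID})), secret),
        "other_user_php_shared_httpd": can_read(effective_proc(OTHER, False), secret),
        "other_user_php_per_user_httpd": can_read(effective_proc(OTHER, True), secret),
        "owner_php_per_user_httpd": can_read(effective_proc(OWNER, True), secret),
    }

if __name__ == "__main__":
    for case, readable in exposure().items():
        print(f"{case}: {'readable' if readable else 'denied'}")
```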

