Join Up! 104882 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI Using cURL With PHP In Case You Missed It...The Week of April 10, 2006 Creating an Online Survey - Part 2 Interfacing with MS Access Tour MySQL Administrator

php3-list | 199901

From: jwb19 <email protected>
Date: 01/17/99

• Next message: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Previous message: Andrew Smith: "RE: [PHP3] file pointers & ftell"
• Next in thread: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Reply: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Background:

        I run a Linux server that will eventually house multiple PHP users
and websites. I am worried about security, though not in the traditional
sense. The nature of this project dictates that security between users
*other than me* is not an issue (i.e. they may read / include eachother's
files if they want); I just want to make sure that other users do not include
*my* PHP content (for db passwords, etc.). Assume that the machine is
otherwise well administered (always a shakey assumption with UNIX...).

Problem:

        How can I effectively set up two security realms? I would much
prefer to use the module version of PHP, not a CGI binary, for speed reasons.
Assuming that the file permissions on my content are only set to r/w for
Apache's user/group (and other files on the system have reaonable
permissions), what are the security implications of running a second Apache
webserver with PHP on my machine under a different user/group than the
first?? What am I forgetting / missing?

        Thanks in advance (and don't hesitate to ask me for more details
privately, I am well aware of the strange nature of my problem :) )

        James

--
PHP 3 Mailing List   http://www.php.net/
To unsubscribe send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest list:  php3-digest-subscribe <email protected>
For help: php3-help <email protected>  Archive:  http://www.php.net/mailsearch.php3
List administrator:  zeev-list-admin <email protected>

• Next message: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Previous message: Andrew Smith: "RE: [PHP3] file pointers & ftell"
• Next in thread: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Reply: Rasmus Lerdorf: "Re: [PHP3] 2nd Apache Server Security Implications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs