I'm running PHP 4.1.2 (yes, I know 4.2.1 is now out) on a Cobalt RaQ 
4 with MySQL.  I've been whacking my head against a brick wall for 
the last year, trying to come up with a better way to store the MySQL 
connection information.  When safe mode became available and I 
understood what it was supposed to do, I hoped that I could make my 
connection configuration files read-only for the owner of the PHP 
scripts, but that doesn't seem to be working.  I get things like:

Fatal error:  Failed opening required './config.inc.php' 
(include_path='') in /home/sites/home/web/bleah/main.php on line 12

The config.inc.php file is being requested via an include or require 
(which are supposed to be safe-mode compatible) within the PHP 
scripts which are owned by the same user as the main.php script.  As 
soon as I make it so that the httpd daemon (i.e. everybody in the 
world who has shell access to the server -- not that there are big 
whacks of such people, but it's a hole and it annoys me) has access 
by changing the file to be world-readable, it works fine.

This is counterintuitive to my understanding of how this should work. 
I did a search of the archives and discovered somebody mentioning 
that they do something to automagically compile in the passwords, 
but when Carrie asked for details, none were forthcoming.  Has anyone 
else successfully figured out how to do this on their RaQ or am I 
just being stupid and missing some php.ini configuration directive 
that's necessary?

Thanks,

Michelle
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
