Lewis Thompson <[EMAIL PROTECTED]> writes: > I'm trying to write a script to use with the Apache auth plugin > mod_auth_any. I have the whole setup working, bar the script that does > the authentication. > > I am worried that because the script must be read/writeable by the > Apache user (www) that anybody that can write a PHP script on my machine > can read the auth script and read the passwords that would be contained > within -- those to my MySQL server.
Why would the script be readable or writeable by any user? It only needs to be executable, right? > Is there any way I can have a script that is not readable by a user, > while still allowing that user to execute it? Maybe through using a > wrapper of some sort? I do not have UFS2 so I cannot use ACLs. > > Any suggestions for this as I'm stumped. Thanks very much, Check how Apache normally deals with this; I haven't used the auth module, but I can't believe that it requires insecure practices... _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"