Lewis Thompson <[EMAIL PROTECTED]> writes:

> I'm trying to write a script to use with the Apache auth plugin
> mod_auth_any.  I have the whole setup working, bar the script that does
> the authentication.
>   I am worried that because the script must be read/writeable by the
> Apache user (www) that anybody that can write a PHP script on my machine
> can read the auth script and read the passwords that would be contained
> within -- those to my MySQL server.

Why would the script be readable or writeable by any user?  
It only needs to be executable, right?

>   Is there any way I can have a script that is not readable by a user,
> while still allowing that user to execute it?  Maybe through using a
> wrapper of some sort?  I do not have UFS2 so I cannot use ACLs.
>   Any suggestions for this as I'm stumped.  Thanks very much,

Check how Apache normally deals with this; I haven't used the auth
module, but I can't believe that it requires insecure practices...
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to