On Tue, Feb 10, 2004 at 03:56:08PM +0000, Peter Risdon wrote:
> Lewis Thompson wrote:
> > I am worried that because the script must be read/writeable by the
> > Apache user (www) that anybody that can write a PHP script on my machine
> > can read the auth script and read the passwords that would be contained
> > within -- those to my MySQL server.
>
> All you can do really is store the passwords themselves in an include
> file that you put in the most secure place possible, preferably not in
> webspace. But I imagine you have this covered.

Yeah, but this is really security through obscurity, not something I'm keen on ;)

> > Is there any way I can have a script that is not readable by a user,
> > while still allowing that user to execute it? Maybe through using a
> > wrapper of some sort? I do not have UFS2 so I cannot use ACLs.
>
> Not that I know of, but have you considered compiling apache with
> suexec? Assuming your other users have separate logins, this might work.
> You can have apache execute scripts as the appropriate user, not www.
> That way, a 700 permission should prevent other users from reading your
> scripts.

I read some stuff about this. I got the impression it required using PHP as a CGI, instead of mod_php. Am I wrong in thinking this? The overhead of using PHP as CGI is a little too high because the server is already pretty stretched...

Thanks very much,

-lewiz.

--
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] | url:www.lewiz.org |-
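
The permission reasoning in this exchange, modelled as an added example (not part of the original messages): it applies the classic Unix owner/group/other read check to a credentials file under the two setups discussed, every script running as www versus each script running as its owning user with a 700 mode. The numeric ids, the one-group-per-user layout and the model labels are constructed for illustration.

```python
import stat
from collections import namedtuple

# Constructed numeric ids for illustration; real systems will differ.
WWW, LEWIZ, OTHER = 80, 1001, 1002

Proc = namedtuple("Proc", "uid gids")
File = namedtuple("File", "uid gid mode")

def can_read(proc, f):
    """Classic Unix read check without ACLs: only one permission class applies."""
    if proc.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in proc.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def runs_as(author_uid, model):
    """Identity a PHP script executes under, per the two setups in the thread."""
    if model == "mod_php":   # in-process interpreter: every script is the Apache user
        return Proc(WWW, {WWW})
    if model == "suexec":    # script is executed as the user it belongs to
        return Proc(author_uid, {author_uid})  # assumes one private group per user
    raise ValueError(model)

def exposure(secret, model):
    """Which users' scripts can read the credentials file under this model."""
    return {name: can_read(runs_as(uid, model), secret)
            for name, uid in (("lewiz", LEWIZ), ("other", OTHER))}

# Credentials file owned by lewiz; group www so the Apache user can read it.
SHARED = File(uid=LEWIZ, gid=WWW, mode=0o640)
# The same file locked down to its owner with the 700 mode from the reply.
PRIVATE = File(uid=LEWIZ, gid=LEWIZ, mode=0o700)

if __name__ == "__main__":
    for label, f, model in (("0640 + mod_php", SHARED, "mod_php"),
                            ("0700 + mod_php", PRIVATE, "mod_php"),
                            ("0700 + suexec", PRIVATE, "suexec")):
        print(label, exposure(f, model))
```

The middle case shows why tightening the mode alone does not help when every script runs as www: the owner's own pages lose access along with everyone else's.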