Hi, We have developed a PHP security extension, it was originally developed to make it possibly to store you database password securly!!! So I thought I'd post a copy of the email I posted to the dev list to this list as well.
Here it is ========== Maybe one or two of you may have read a post a while back about a PHP security extention called Scripthash. For those of you who can't remember or don't know this extension it lets you solve the age old problem of hardcoding passwords in your PHP scripts and also makes it possible to execute scripts from PHP as a different user (or even root) safely! This extension can ONLY be used when you are using PHP as an Apache module on a Unix/Linux platform. The original version was hard to install as you would have to compile it into PHP. It also had some major bugs, the new version 0.5 has all previously known bugs fixed and some new features. Scripthash 0.5 is for PHP 4.1.x (only tested with 4.1.1) but users of PHP 4.0.x can download Scripthash 0.4 which is exactly the same but made to run with 4.0.x. The new version is very easy to install, all you need to do is either download the tarball or the RedHat Source RPM and build then install. Then add the following lines to you php.ini extension_dir=/usr/lib/php/extensions extension=scripthash.so then restart Apache. To confirm everything it is working make a script with a call to the phpinfo() function and there should now be a section called Scripthash. To use the extenstion see README.html To use some extended functionality you have to patch the PHP source code then rebuild it. This patch will give you two new PHP globals called $VIRTUAL_UID and $VIRTUAL_GID which contains the user id and the group id of the virtual server being hit, you don't have to do this but you will get more control with scripthash. Finally I'll tell you what I hope to get from posting this message, I would just like to see some interest, bug reports, suggestions, comments and maybe some well written scripthash daemons (see README.html) :). I think this is an extremely useful piece of code and it is now stable and easy to use. You can get/find out more about Scripthash at http://www.scl.co.uk/scripthash/ Sadly we have not had the time to update the documentation for this module but it is on our TODO list and in the mean time we are happy to reply to and emails you send us. Thanks for your time Tom -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]