Hi,
Maybe one or two of you may have read a post a while back about a PHP security
extention called Scripthash. For those of you who can't remember or don't know
this extension it lets you solve the age old problem of hardcoding passwords in
your PHP scripts and also makes it possible to execute scripts from PHP as a
different user (or even root) safely! This extension can ONLY be used when you
are using PHP as an Apache module on a Unix/Linux platform.
The original version was hard to install as you would have to compile it into
PHP. It also had some major bugs, the new version 0.5 has all previously known
bugs fixed and some new features. Scripthash 0.5 is for PHP 4.1.x (only tested
with 4.1.1) but users of PHP 4.0.x can download Scripthash 0.4 which is exactly
the same but made to run with 4.0.x.
The new version is very easy to install, all you need to do is either download
the tarball or the RedHat Source RPM and build then install. Then add the
following lines to you php.ini
extension_dir=/usr/lib/php/extensions
extension=scripthash.so
then restart Apache. To confirm everything it is working make a script with a
call to the phpinfo() function and there should now be a section called
Scripthash. To use the extenstion see README.html
To use some extended functionality you have to patch the PHP source code then
rebuild it. This patch will give you two new PHP globals called $VIRTUAL_UID
and $VIRTUAL_GID which contains the user id and the group id of the virtual
server being hit, you don't have to do this but you will get more control with
scripthash.
Finally I'll tell you what I hope to get from posting this message, I would
just like to see some interest, bug reports, suggestions, comments and maybe
some well written scripthash daemons (see README.html) :). I think this is an
extremely useful piece of code and it is now stable and easy to use.
You can get/find out more about Scripthash at
http://www.scl.co.uk/scripthash/ Sadly we have not had the time to update the
documentation for this module but it is on our TODO list and in the mean time
we are happy to reply to and emails you send us.
Thanks for your time
Tom
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
