hi everyone, I'm working on a hosting platform with a large number of users, and we need to ensure safety for our users considering the mysql Connection. Using a password is not good enough cause if someone succeeds in getting the source code of someone, he will get the password and then will be able to do anything from his account. Thus, i've been working on a patch that would allow me to enforce a mysql user login based on the script filename path. (in example /home/chand/mysql.php enforces the login as 'chand').
I'd already done this patch on 4.0.4pl1 2 years ago and it worked. For our new Hosting Platform, we've decided to go up to 4.1.0, and i can't seem to make it work correctly. I randomly (looks like it's random), get Internal Server Errors from the Mysql connection functions. My patch is most certainly the cause of that. Using gdb, what seems to be the problem is a lack of memory being available or allowed by the system thus a crash. I really don't understand how this could be possible considering my patch looks good to me. I was wondering if anyone had any idea about such a problem. Basically what i do is get the PATH_TRANSLATED variable from the sapi_globals and use strsep to get the login name to enforce it as the Mysql User. Before i used strtok which actually was a bad idea since it's a completely broken function, now obsolete. strsep helped me get the ratio of ISE (Internal Server Errors) down to 1% of the pages correctly served. It's still not good for me. We need a fully working php. I can put up the patch here to see if you guys can see what i'm doing wrong. I've been working on this for a long time now looking at a lot of different things from application to system. Nothing i've tried seems to be working and my C code looks all right to me, but there might be some inconsistency with some inner way of dealing memory in php. I'd really appreciate any help on this, on this list or on a private basis. Thanks a lot for any insight. Later Chand -- Mark Villemade Hosting Services Technical Manager Lycos Europe +33 1 53 27 24 05 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
