php-general Digest 2 Apr 2010 06:56:23 -0000 Issue 6671
Topics (messages 303726 through 303748):
Re: How to know which PHP is used by Apache
303726 by: Nilesh Govindarajan
303728 by: Kevin Kinsey
303730 by: Nilesh Govindarajan
303731 by: Kevin Kinsey
303732 by: Nilesh Govindarajan
303748 by: Devendra Jadhav
Re: php 5.3.2 Unable to fork
303727 by: Eduardo Nunes
303729 by: Eduardo Nunes
File encryption under PHP
303733 by: Paul M Foster
303734 by: Ashley Sheridan
303735 by: Paul M Foster
303736 by: APseudoUtopia
303737 by: Ashley Sheridan
303738 by: APseudoUtopia
303739 by: Kevin Kinsey
303744 by: Adam Richardson
Tokutek Acquires Oracle
303740 by: Daevid Vincent
303741 by: Nathan Rixham
303742 by: Ashley Sheridan
303743 by: Tommy Pham
Apache rule/directive to stop serving PHP pages from /var/www/includes/
303745 by: Daevid Vincent
303746 by: Robert Cummings
Re: Apache rule/directive to stop serving PHP pages from /var/www/includes/
[SOLVED]
303747 by: Daevid Vincent
----------------------------------------------------------------------
--- Begin Message ---
On 04/01/10 20:30, Devendra Jadhav wrote:
On Thu, Apr 1, 2010 at 7:22 PM, Devendra Jadhav<devendra...@gmail.com>wrote:
On Thu, Apr 1, 2010 at 7:13 PM, Teus Benschop<teusjanne...@gmail.com>wrote:
On Thu, 2010-04-01 at 19:07 +0530, Devendra Jadhav wrote:
With my case both installation of PHP has version 5.x, so how to know
which
PHP is being used?
Running this page through Apache could do it:
<?php
phpinfo ();
?>
Teus.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I am still confused. As per Nilesh php's binary is not required and as per
Ashley it is required.
Which one is correct?
And I am not able to find which php's binary is used by using phpinfo().
--
Devendra Jadhav
देवेंद्र जाधव
Anyone confident about either of the two answers?
Well, you can do a trial test. Compile a different version of php
without libphp5.so, and replace the php interpreter of libphp5.so with
this one.
If phpinfo() from apache shows you a different version then libphp5 uses
the binary else not.
As per common logic, libphp5 embeds the php interpreter into apache,
hence it'd not make sense to say that it needs the binary.
--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
--- End Message ---
--- Begin Message ---
Devendra Jadhav wrote:
I am still confused. As per Nilesh php's binary is not required and as per
Ashley it is required.
Which one is correct?
And I am not able to find which php's binary is used by using phpinfo().
Anyone confident about either of the two answers?
Pretty confident about all of them. Nilesh probably misunderstood,
or we are misunderstanding him. PHP has to have a binary file,
whether it's the CLI interpreter or the Apache "module".
Run a script with phpinfo() in it. Look for the line that says
"Server API". If this reads something like "Apache $N.$N Handler",
then the PHP interpreter binary is something like "libphp$n.so".
If the line reads "Command Line Interface", then you are using
something like /usr/bin/php, /usr/local/bin/php, etc. (I'm from
a BSD background, your $penguin_path may vary).
If you are talking about actually having two different versions
of PHP installed, and not sure which is actually being called,
you might find out something with the Linux equivalent of the
BSD `pkg_which`:
[31] Thu 01.Apr.2010 10:39:24
[ad...@archangel][/usr/local/bin]
sudo pkg_which /usr/local/bin/php
php5-5.2.11
This command is highly dependent on your Linux distro: on
RH I think it's "rpm", "dpkg" on Debian, "urpmf" on Mandriva,
etc.
If you have two installations of the same version, $deity
help you :-)
HTH,
Kevin Kinsey
--- End Message ---
--- Begin Message ---
libphp5.so doesn't need the php binary.
I've confirmed this using a test.
My local apache is configured to use libphp5.so
I moved /usr/bin/php to /root, then started apache and ran drupal. It
worked.
This confirms that libphp5.so is independent of the php binary in
/usr/bin as I suggested earlier.
--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
--- End Message ---
--- Begin Message ---
Nilesh Govindarajan wrote:
libphp5.so doesn't need the php binary.
You're right, and of course not. libphp5.so
*is* a "PHP binary" :-)
I've confirmed this using a test.
My local apache is configured to use libphp5.so
I moved /usr/bin/php to /root, then started apache and ran drupal. It
worked.
This confirms that libphp5.so is independent of the php binary in
/usr/bin as I suggested earlier.
No one was questioning that .. or at least, I wasn't.
One is an executable binary file ... a program.
The other is also a binary file, but it's a _library_.
What I said was you need one or the other. "A" binary
file, either the Apache SO or the "binary" interpreter...
It's possible to configure Apache to use a PHP executable
(CGI), and the CGI and CLI executables are similar, if
not identical.
I dunno if anyone actually does that anymore, though. :-)
Ashley said "The libphp5.so is the Apache module that
links PHP into Apache. You need this and PHP installed
if you want to use PHP in Apache." Devendra apparently
misinterpreted this to mean that you need both the SO and
the binary interpreter, but you don't. You DO need the
rest of the PHP extensions, libraries, config files, etc.
... a "PHP installation", whether or not you have the
CLI binary is not that important, although I always do
since I like to run system scripts in PHP via cron, etc.
Kevin Kinsey
--- End Message ---
--- Begin Message ---
On 04/01/10 23:03, Kevin Kinsey wrote:
Nilesh Govindarajan wrote:
libphp5.so doesn't need the php binary.
You're right, and of course not. libphp5.so
*is* a "PHP binary" :-)
I've confirmed this using a test.
My local apache is configured to use libphp5.so
I moved /usr/bin/php to /root, then started apache and ran drupal. It
worked.
This confirms that libphp5.so is independent of the php binary in
/usr/bin as I suggested earlier.
No one was questioning that .. or at least, I wasn't.
One is an executable binary file ... a program.
The other is also a binary file, but it's a _library_.
What I said was you need one or the other. "A" binary
file, either the Apache SO or the "binary" interpreter...
It's possible to configure Apache to use a PHP executable
(CGI), and the CGI and CLI executables are similar, if
not identical.
I dunno if anyone actually does that anymore, though. :-)
Ashley said "The libphp5.so is the Apache module that
links PHP into Apache. You need this and PHP installed
if you want to use PHP in Apache." Devendra apparently
misinterpreted this to mean that you need both the SO and
the binary interpreter, but you don't. You DO need the
rest of the PHP extensions, libraries, config files, etc.
... a "PHP installation", whether or not you have the
CLI binary is not that important, although I always do
since I like to run system scripts in PHP via cron, etc.
Kevin Kinsey
LOL. Super misunderstanding. Anyway, I did that test to help Devendra.
--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
--- End Message ---
--- Begin Message ---
On Thu, Apr 1, 2010 at 11:30 PM, Nilesh Govindarajan <li...@itech7.com>wrote:
> On 04/01/10 23:03, Kevin Kinsey wrote:
>
>> Nilesh Govindarajan wrote:
>>
>>> libphp5.so doesn't need the php binary.
>>>
>>
>> You're right, and of course not. libphp5.so
>> *is* a "PHP binary" :-)
>>
>> I've confirmed this using a test.
>>>
>>> My local apache is configured to use libphp5.so
>>>
>>> I moved /usr/bin/php to /root, then started apache and ran drupal. It
>>> worked.
>>>
>>> This confirms that libphp5.so is independent of the php binary in
>>> /usr/bin as I suggested earlier.
>>>
>>
>> No one was questioning that .. or at least, I wasn't.
>> One is an executable binary file ... a program.
>>
>> The other is also a binary file, but it's a _library_.
>>
>> What I said was you need one or the other. "A" binary
>> file, either the Apache SO or the "binary" interpreter...
>>
>> It's possible to configure Apache to use a PHP executable
>> (CGI), and the CGI and CLI executables are similar, if
>> not identical.
>>
>> I dunno if anyone actually does that anymore, though. :-)
>>
>> Ashley said "The libphp5.so is the Apache module that
>> links PHP into Apache. You need this and PHP installed
>> if you want to use PHP in Apache." Devendra apparently
>> misinterpreted this to mean that you need both the SO and
>> the binary interpreter, but you don't. You DO need the
>> rest of the PHP extensions, libraries, config files, etc.
>> ... a "PHP installation", whether or not you have the
>> CLI binary is not that important, although I always do
>> since I like to run system scripts in PHP via cron, etc.
>>
>> Kevin Kinsey
>>
>
> LOL. Super misunderstanding. Anyway, I did that test to help Devendra.
>
>
> --
> Nilesh Govindarajan
> Site & Server Administrator
> www.itech7.com
> मेरा भारत महान !
> मम भारत: महत्तम भवतु !
>
>
>
I think I am clear with everything now.. Good.. Thank you very much Nilesh,
Kevin, Ashley & all.
--
Devendra Jadhav
देवेंद्र जाधव
--- End Message ---
--- Begin Message ---
Hi, thanks for the reply, just tried without any db bases and the scenario
did not change (besides for mysql).
With and without pear.. nothing changed from the initial scene.
"Nathan Rixham" <nrix...@gmail.com> escreveu na mensagem
news:4bb3eb75.4020...@gmail.com...
Eduardo Nunes wrote:
Compiling without mysql support, the cli "php -r 'echo shell_exec("echo
Test!");' works fine even as the apache unprivileged user. However when
running the test.php script with apache the error log still shows the
error Unable to execute / Unable to fork ...
back in 5.2.3 i had the same problem and found it to be the psql drivers
not mysql.. may be worth checking
--- End Message ---
--- Begin Message ---
I would try your setenv path idea while compiling php without mysql, however
I don't get why compiling php with mysql does not fork nor execute even
running the php cli as root...
Thanks for the reply Nilesh!
"Nilesh Govindarajan" <li...@itech7.com> escreveu na mensagem
news:4bb3fca7.4030...@itech7.com...
On 04/01/10 02:21, Eduardo Nunes wrote:
Compiling without mysql support, the cli "php -r 'echo shell_exec("echo
Test!");' works fine even as the apache unprivileged user. However when
running the test.php script with apache the error log still shows the
error Unable to execute / Unable to fork ...
""Eduardo Nunes"" <zeh...@terra.com.br> escreveu na mensagem
news:38.94.09265.3a973...@pb1.pair.com...
Hello people!
A time before I had issues with my php 5.2.3 that would not fork
anything, neither in shell or via apache, and I figured out that
commenting out the snmp.so extension from php.ini made it fork
commands passed to php cli with an unprivileged user (www) fine,
however apache still would not fork anything.
Now I just compiled 5.3.2 and it doesn't fork at all, neither as root
with -n option.
For example I am running:
r...@saturno:/usr/src/apache/php-5.3.2# ./sapi/cli/php -n -r 'echo
shell_exec("echo Test!");'
Warning: shell_exec(): Unable to execute 'echo Test!' in Command line
code on line 1
(neither system, exec, other options work)
Any ideas on what is going on?
(compiled using ../configure --prefix=/usr --with-apxs2 --disable-cgi
--disable-short-tags --disable-ipv6 --without-sqlite3 --with-mysql
--with-pdo-mysql --without-pdo-sqlite --enable-sockets
--without-sqlite --with-gnu-ld)
Thanks
I think you need to check your PATH environment variable. Add the
directory to it where your PHP interpreter sits.
PS: This is just a guess. Don't bash me if I'm wrong.
--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com
मेरा भारत महान !
मम भारत: महत्तम भवतु !
--- End Message ---
--- Begin Message ---
Folks:
If I wanted to encrypt a file in PHP and then write it out to disk
(one-way encryption, requiring a password), what PHP built-ins might you
recommend to encrypt the contents of the file before writing it out to
disk?
Paul
--
Paul M. Foster
--- End Message ---
--- Begin Message ---
On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>
> --
> Paul M. Foster
>
I don't think you want one-way encryption, that would mean you can't
unencrypt it!
What about the usual functions for encrypting strings in PHP? Couldn't
you encrypt the file as a string and output that? Or did you want the
file to request a password when it was opened? What about a
password-protected compressed archive file?
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:
> On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
>
> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>
> --
> Paul M. Foster
>
>
>
> I don't think you want one-way encryption, that would mean you can't unencrypt
> it!
Then "one-way encryption" would be something no one would do. I must be
using the wrong term. What I mean is that it needs a password, which is
used to encrypt and decrypt the file.
>
> What about the usual functions for encrypting strings in PHP? Couldn't you
> encrypt the file as a string and output that? Or did you want the file to
> request a password when it was opened? What about a password-protected
> compressed archive file?
Well, when you say, "usual functions for encrypting strings in PHP",
what are my options there? And which are the best (most secure) methods?
It looks like mcrypt_*() will do the job, but there are 20-30
algorithms, and I have no idea which are the most secure. Or would
something else be better (than mcrypt_*())?
Paul
--
Paul M. Foster
--- End Message ---
--- Begin Message ---
On Thu, Apr 1, 2010 at 3:47 PM, Paul M Foster <pa...@quillandmouse.com> wrote:
> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>
I use the MCrypt extension to encrypt strings (login hashes in
cookies, other such things). I don't see why you couldn't read the
file into a string and then use mcrypt. You'd have to play with it
though. Like make sure performance doesn't degrade massively for large
files (rather than small strings), as well as making sure everything
is binary-safe.
--- End Message ---
--- Begin Message ---
On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote:
> On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:
>
> > On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
> >
> > Folks:
> >
> > If I wanted to encrypt a file in PHP and then write it out to disk
> > (one-way encryption, requiring a password), what PHP built-ins might you
> > recommend to encrypt the contents of the file before writing it out to
> > disk?
> >
> > Paul
> >
> > --
> > Paul M. Foster
> >
> >
> >
> > I don't think you want one-way encryption, that would mean you can't
> > unencrypt
> > it!
>
> Then "one-way encryption" would be something no one would do. I must be
> using the wrong term. What I mean is that it needs a password, which is
> used to encrypt and decrypt the file.
>
> >
> > What about the usual functions for encrypting strings in PHP? Couldn't you
> > encrypt the file as a string and output that? Or did you want the file to
> > request a password when it was opened? What about a password-protected
> > compressed archive file?
>
> Well, when you say, "usual functions for encrypting strings in PHP",
> what are my options there? And which are the best (most secure) methods?
> It looks like mcrypt_*() will do the job, but there are 20-30
> algorithms, and I have no idea which are the most secure. Or would
> something else be better (than mcrypt_*())?
>
> Paul
>
> --
> Paul M. Foster
>
There's a good reason for one-way encryption. The crypt function in PHP
is one-way, and the use case is to compare an entered password without
the encrypted password ever being unencryptable.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Thu, Apr 1, 2010 at 4:05 PM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:
> On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote:
>
>> On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:
>>
>> > On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
>> >
>> > Folks:
>> >
>> > If I wanted to encrypt a file in PHP and then write it out to disk
>> > (one-way encryption, requiring a password), what PHP built-ins might
>> > you
>> > recommend to encrypt the contents of the file before writing it out to
>> > disk?
>> >
>> > Paul
>> >
>> > --
>> > Paul M. Foster
>> >
>> >
>> >
>> > I don't think you want one-way encryption, that would mean you can't
>> > unencrypt
>> > it!
>>
>> Then "one-way encryption" would be something no one would do. I must be
>> using the wrong term. What I mean is that it needs a password, which is
>> used to encrypt and decrypt the file.
>>
>> >
>> > What about the usual functions for encrypting strings in PHP? Couldn't you
>> > encrypt the file as a string and output that? Or did you want the file to
>> > request a password when it was opened? What about a password-protected
>> > compressed archive file?
>>
>> Well, when you say, "usual functions for encrypting strings in PHP",
>> what are my options there? And which are the best (most secure) methods?
>> It looks like mcrypt_*() will do the job, but there are 20-30
>> algorithms, and I have no idea which are the most secure. Or would
>> something else be better (than mcrypt_*())?
>>
>> Paul
>>
>> --
>> Paul M. Foster
>>
>
>
> There's a good reason for one-way encryption. The crypt function in PHP
> is one-way, and the use case is to compare an entered password without
> the encrypted password ever being unencryptable.
>
> Thanks,
> Ash
Technically, "one-way encryption" is called hashing, as encryption by
definition is two-way.
--- End Message ---
--- Begin Message ---
Paul M Foster wrote:
Folks:
If I wanted to encrypt a file in PHP and then write it out to disk
(one-way encryption, requiring a password), what PHP built-ins might you
recommend to encrypt the contents of the file before writing it out to
disk?
Paul
Here's a very generic mcrypt example. IANAE
where security is concerned, but from what I've
read, BLOWFISH should be a fairly decent algorithm
for most applications. This isn't my work, can't
remember whose ... uses 3DES.
KDK
<?php
// Generic mcrypt round trip: encrypt a string, then decrypt it again.
// Requires the mcrypt extension.
$plaintext = "Four score and seven years ago";
$cipher    = MCRYPT_TRIPLEDES;
$mode      = MCRYPT_MODE_ECB;   // ECB mode does not use the IV created below
$rand_src  = MCRYPT_DEV_RANDOM; //MCRYPT_DEV_RANDOM
$password  = 'Extra secret password'; // used directly as the key, no key derivation

print ("Plaintext: $plaintext\n");

// OK, let's encrypt the data
$handle = mcrypt_module_open ($cipher, '', $mode, '');
if (!$handle)
    die ("Couldn't locate open mcrypt module for '$cipher' algorithm");
$iv_size = mcrypt_enc_get_iv_size ($handle);
$ivector = mcrypt_create_iv ($iv_size, $rand_src);
if (mcrypt_generic_init ($handle, $password, $ivector) == -1)
    die ("Error: mcrypt_generic_init() failed.");
$ciphertext = mcrypt_generic ($handle, $plaintext);
mcrypt_generic_end ($handle);
echo "<br> Ciphertext: " . bin2hex ($ciphertext) . "\n";

// Now let's decrypt it (same cipher, mode, key and IV as above)
$handle = mcrypt_module_open ($cipher, '', $mode, '');
if (!$handle)
    die ("Couldn't locate open mcrypt module for '$cipher' algorithm");
if (mcrypt_generic_init ($handle, $password, $ivector) == -1)
    die ("Error: mcrypt_generic_init() failed.");
$plaintext = mdecrypt_generic ($handle, $ciphertext);
mcrypt_generic_end ($handle);
echo "<br> Plaintext: $plaintext\n";
?>
--- End Message ---
--- Begin Message ---
>
> Then "one-way encryption" would be something no one would do. I must be using
> the wrong term. What I mean is that it needs a password, which is used to
> encrypt and decrypt the file.
*Symmetric* encryption uses the same key to encrypt and decrypt the text
(what you're talking about, and example algorithms include blowfish, AES.)
*Asymmetric* encryption uses separate keys, allowing anyone to send you an
encrypted message with a public key, but only allowing you to decrypt it
with your private key (https uses this as the initial stage to exchange the
key to be used for the subsequent exchanges of text using symmetric
encryption because symmetric encryption is much faster, an example
algorithm is RSA.)
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
--- End Message ---
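Added example, not part of any list message above: the password-based symmetric file encryption Paul describes, written against PHP's bundled sodium extension (PHP 7.2 and later) instead of mcrypt, which was removed from PHP core in 7.2. The function names, the PWENC1 marker and the on-disk layout are assumptions of this sketch.

```php
<?php
// Added example: password-protected file encryption with the sodium extension.
// Assumed layout for this sketch: MAGIC | salt | nonce | ciphertext+MAC

const MAGIC = 'PWENC1'; // hypothetical format marker

function derive_key(string $password, string $salt): string
{
    // Argon2id stretches a human password into a 32-byte secretbox key.
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $password,
        $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

function encrypt_file(string $src, string $dst, string $password): void
{
    $plain = file_get_contents($src);
    if ($plain === false) {
        throw new RuntimeException("cannot read $src");
    }
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);     // fresh per file
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per file
    $key   = derive_key($password, $salt);
    // secretbox is authenticated encryption: XSalsa20 plus a Poly1305 MAC
    $box = sodium_crypto_secretbox($plain, $nonce, $key);
    sodium_memzero($key);
    if (file_put_contents($dst, MAGIC . $salt . $nonce . $box, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $dst");
    }
}

function decrypt_file(string $src, string $password): string
{
    $blob    = file_get_contents($src);
    $saltOff = strlen(MAGIC);
    $nonceOff = $saltOff + SODIUM_CRYPTO_PWHASH_SALTBYTES;
    $boxOff  = $nonceOff + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if ($blob === false
        || strlen($blob) < $boxOff + SODIUM_CRYPTO_SECRETBOX_MACBYTES
        || substr($blob, 0, $saltOff) !== MAGIC) {
        throw new RuntimeException('not a PWENC1 file');
    }
    $salt  = substr($blob, $saltOff, SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = substr($blob, $nonceOff, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($password, $salt);
    // Returns false when the MAC does not verify (wrong key or altered data)
    $plain = sodium_crypto_secretbox_open(substr($blob, $boxOff), $nonce, $key);
    sodium_memzero($key);
    if ($plain === false) {
        throw new RuntimeException('wrong password or file was modified');
    }
    return $plain;
}

// Demo on a constructed temporary file
$in  = tempnam(sys_get_temp_dir(), 'pt');
$out = $in . '.enc';
file_put_contents($in, "Four score and seven years ago\n");
encrypt_file($in, $out, 'Extra secret password');
echo "round trip: ", decrypt_file($out, 'Extra secret password');

try {
    decrypt_file($out, 'not the password');
} catch (RuntimeException $e) {
    echo "bad password: ", $e->getMessage(), "\n";
}

// Flip one bit of the stored ciphertext: the MAC check rejects the file
$blob = file_get_contents($out);
$last = strlen($blob) - 1;
$blob[$last] = chr(ord($blob[$last]) ^ 1);
file_put_contents($out, $blob);
try {
    decrypt_file($out, 'Extra secret password');
} catch (RuntimeException $e) {
    echo "tampered file: ", $e->getMessage(), "\n";
}

unlink($in);
unlink($out);
```

Unlike the ECB example earlier in the thread, this stores a random salt and nonce with each file and refuses to return data that fails authentication.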
--- Begin Message ---
http://tokutek.com/2010/04/tokutek-acquires-oracle/
April 1, 2010, Tokutek, Inc., announced the acquisition of Oracle
Corporation. "Tokutek has long been a supporter of open-source software"
said John Partridge, CEO of Tokutek. "Oracle is an innovative small company
that develops database front ends such as MySQL. Tokutek intends to continue
developing the MySQL technology and expand our commitment to open-source
software." Oracle CEO Larry Ellison's role has not been determined. Other
than a statement that the transaction is an all-stock transaction, terms of
the transaction were not disclosed.
http://planet.mysql.com/
--- End Message ---
--- Begin Message ---
Daevid Vincent wrote:
> http://tokutek.com/2010/04/tokutek-acquires-oracle/
>
> April 1, 2010, Tokutek, Inc., announced the acquisition of Oracle
> Corporation. "Tokutek has long been a supporter of open-source software"
> said John Partridge, CEO of Tokutek. "Oracle is an innovative small company
> that develops database front ends such as MySQL. Tokutek intends to continue
> developing the MySQL technology and expand our commitment to open-source
> software." Oracle CEO Larry Ellison's role has not been determined. Other
> than a statement that the transaction is an all-stock transaction, terms of
> the transaction were not disclosed.
>
> http://planet.mysql.com/
>
but sadly..
"Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were
today blocked by the European Union on the basis that the announced
acquisitions were 'in bad taste'. "
http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/
shame
--- End Message ---
--- Begin Message ---
On Thu, 2010-04-01 at 21:58 +0100, Nathan Rixham wrote:
> Daevid Vincent wrote:
> > http://tokutek.com/2010/04/tokutek-acquires-oracle/
> >
> > April 1, 2010, Tokutek, Inc., announced the acquisition of Oracle
> > Corporation. "Tokutek has long been a supporter of open-source software"
> > said John Partridge, CEO of Tokutek. "Oracle is an innovative small company
> > that develops database front ends such as MySQL. Tokutek intends to continue
> > developing the MySQL technology and expand our commitment to open-source
> > software." Oracle CEO Larry Ellison's role has not been determined. Other
> > than a statement that the transaction is an all-stock transaction, terms of
> > the transaction were not disclosed.
> >
> > http://planet.mysql.com/
> >
>
> but sadly..
>
> "Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were
> today blocked by the European Union on the basis that the announced
> acquisitions were 'in bad taste'. "
>
> http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/
>
> shame
>
An April fools? It looks decidedly odd...
Speaking of which, has anyone checked out Google's new Animal
Translate? :p
Thanks,
Ash
http://www.ashleysheridan.co.uk
--- End Message ---
--- Begin Message ---
On Thu, Apr 1, 2010 at 1:57 PM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:
> On Thu, 2010-04-01 at 21:58 +0100, Nathan Rixham wrote:
>
>> Daevid Vincent wrote:
>> > http://tokutek.com/2010/04/tokutek-acquires-oracle/
>> >
>> > April 1, 2010, Tokutek, Inc., announced the acquisition of Oracle
>> > Corporation. "Tokutek has long been a supporter of open-source software"
>> > said John Partridge, CEO of Tokutek. "Oracle is an innovative small company
>> > that develops database front ends such as MySQL. Tokutek intends to continue
>> > developing the MySQL technology and expand our commitment to open-source
>> > software." Oracle CEO Larry Ellison's role has not been determined. Other
>> > than a statement that the transaction is an all-stock transaction, terms of
>> > the transaction were not disclosed.
>> >
>> > http://planet.mysql.com/
>> >
>>
>> but sadly..
>>
>> "Tokutek's acquisitions of Oracle, Apple, HP, Microsoft and Google were
>> today blocked by the European Union on the basis that the announced
>> acquisitions were 'in bad taste'. "
>>
>> http://tokutek.com/2010/04/tokuteks-acquisitions-blocked-by-eu/
>>
>> shame
>>
>
>
> An April fools? It looks decidedly odd...
>
> Speaking of which, has anyone checked out Google's new Animal
> Translate? :p
>
BTW, did you know that laptop can fly?
http://www.youtube.com/watch?v=TVwhrJirgp0
--- End Message ---
--- Begin Message ---
(Sorry if this is a duplicate. I sent one earlier with "OT:" prefixing the
subject line and I think this list software kills the message despite being
proper netiquette. *sigh*)
I have your basic web tree setup.
develo...@mypse:/var/www/dart2$ tree -d -I 'CVS'
|-- UPDATES
|-- ajax
|-- images
| |-- gui
| `-- icons
`-- includes
|-- classes
|-- css
|-- functions
| `-- xml
|-- gui
|-- js
| |-- charts
`-- pear
|-- Auth
|-- Benchmark
|-- DB
|-- Date
|-- File
|-- Spreadsheet
`-- XML_RPC
It's not ideal. I would normally have /includes/ in a directory outside the
servable webroot directory, but for various reasons I won't go into, this
is how it is.
Now I have Apache configured to NOT allow directory browsing.
I also have an index.html file in most all main directories to log attempts
and also redirect back to the main site.
What I don't know how to protect against is if someone were to KNOW the
name of a .php file. Say I have /includes/foo.inc.php for example, someone
can put that in their URL and apache will happily serve it up. :(
Is there a directive to prevent this?
I would think it should be doable since PHP reads the file directly off of
disk via a command like this and isn't really served per se:
require_once ROOTPATH.'/includes/functions/foo.inc.php';
Anyone? Anyone? Bueller? Bueller?
--- End Message ---
--- Begin Message ---
Daevid Vincent wrote:
(Sorry if this is a duplicate. I sent one earlier with "OT:" prefixing the
subject line and I think this list software kills the message despite being
proper netiquette. *sigh*)
I have your basic web tree setup.
develo...@mypse:/var/www/dart2$ tree -d -I 'CVS'
|-- UPDATES
|-- ajax
|-- images
| |-- gui
| `-- icons
`-- includes
|-- classes
|-- css
|-- functions
| `-- xml
|-- gui
|-- js
| |-- charts
`-- pear
|-- Auth
|-- Benchmark
|-- DB
|-- Date
|-- File
|-- Spreadsheet
`-- XML_RPC
It's not ideal. I would normally have /includes/ in a directory outside the
servable webroot directory, but for various reasons I won't go into, this
is how it is.
Now I have Apache configured to NOT allow directory browsing.
I also have an index.html file in most all main directories to log attempts
and also redirect back to the main site.
What I don't know how to protect against is if someone were to KNOW the
name of a .php file. Say I have /includes/foo.inc.php for example, someone
can put that in their URL and apache will happily serve it up. :(
Is there a directive to prevent this?
I would think it should be doable since PHP reads the file directly off of
disk via a command like this and isn't really served per se:
require_once ROOTPATH.'/includes/functions/foo.inc.php';
Anyone? Anyone? Bueller? Bueller?
<LocationMatch "^/includes/">
Order allow,deny
Deny from all
</LocationMatch>
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: Robert Cummings [mailto:rob...@interjinn.com]
> Sent: Thursday, April 01, 2010 7:23 PM
> To: Daevid Vincent
> Cc: php-gene...@lists.php.net
> Subject: Re: [PHP] Apache rule/directive to stop serving PHP
> pages from /var/www/includes/
>
> Daevid Vincent wrote:
> > (Sorry if this is a duplicate. I sent one earlier with
> "OT:" prefixing the
> > subject line and I think this list software kills the
> message despite being
> > proper netiquette. *sigh*)
> >
> > I have your basic web tree setup.
> >
> > develo...@mypse:/var/www/dart2$ tree -d -I 'CVS'
> > |-- UPDATES
> > |-- ajax
> > |-- images
> > | |-- gui
> > | `-- icons
> > `-- includes
> > |-- classes
> > |-- css
> > |-- functions
> > | `-- xml
> > |-- gui
> > |-- js
> > | |-- charts
> > `-- pear
> > |-- Auth
> > |-- Benchmark
> > |-- DB
> > |-- Date
> > |-- File
> > |-- Spreadsheet
> > `-- XML_RPC
> >
> > It's not ideal. I would normally have /includes/ in a
> directory outside the
> > servable webroot directory, but for various reasons I won't
> go into, this
> > is how it is.
> >
> > Now I have Apache configured to NOT allow directory browsing.
> >
> > I also have an index.html file in most all main directories
> to log attempts
> > and also redirect back to the main site.
> >
> > What I don't know how to protect against is if someone were
> to KNOW the
> > name of a .php file. Say I have /includes/foo.inc.php for
> example, someone
> > can put that in their URL and apache will happily serve it up. :(
> >
> > Is there a directive to prevent this?
> >
> > I would think it should be doable since PHP reads the file
> directly off of
> > disk via a command like this and isn't really served per se:
> >
> > require_once ROOTPATH.'/includes/functions/foo.inc.php';
> >
> > Anyone? Anyone? Bueller? Bueller?
>
> <LocationMatch "^/includes/">
>
> Order allow,deny
> Deny from all
>
> </LocationMatch>
Brilliant! Thanks Rob.
Here is the final that I went with (turns out I had to mind the
/includes/js directory or all my jQuery stuff STB, so that's why I call
each directory out like that):
develo...@myvm:/etc/apache2/sites-enabled$ tail -n20 000-default
# [dv] added 2010-04-01 to prevent serving include files and such
<LocationMatch "/UPDATES/">
Order allow,deny
Deny from all
</LocationMatch>
<FilesMatch "\.sql$">
Order allow,deny
Deny from all
</FilesMatch>
<LocationMatch "/includes/(classes|functions|gui|pear)/">
Order allow,deny
Deny from all
</LocationMatch>
<FilesMatch "\.(inc|class)\.php$">
Order allow,deny
Deny from all
</FilesMatch>
--- End Message ---
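Added example, not part of Daevid's or Rob's messages: a small PHP model of the four deny rules in the final configuration, for checking which request paths they cover before reloading Apache. It assumes URL paths map one-to-one onto files under the document root (no Alias or rewrite rules); the function name and the sample paths are constructed for illustration.

```php
<?php
// Added example: which request paths do the four deny rules cover?
// LocationMatch is tested against the URL path, FilesMatch against the
// file's basename. Both regexes are unanchored unless they say otherwise.

const DENY_RULES = [
    ['LocationMatch', '#/UPDATES/#'],
    ['FilesMatch',    '#\.sql$#'],
    ['LocationMatch', '#/includes/(classes|functions|gui|pear)/#'],
    ['FilesMatch',    '#\.(inc|class)\.php$#'],
];

/** Returns the first rule that denies $urlPath, or null if none does. */
function denied_by(string $urlPath): ?string
{
    foreach (DENY_RULES as [$kind, $regex]) {
        $subject = ($kind === 'FilesMatch') ? basename($urlPath) : $urlPath;
        if (preg_match($regex, $subject) === 1) {
            return "$kind " . trim($regex, '#');
        }
    }
    return null;
}

// Constructed sample request paths
$samples = [
    '/includes/functions/foo.inc.php', // inside a listed directory
    '/includes/foo.inc.php',           // caught by the .inc.php file rule
    '/includes/classes/User.class.php',
    '/includes/js/charts/plot.js',     // must stay reachable for the browser
    '/includes/css/site.css',
    '/includes/css/helper.php',        // plain .php outside the listed dirs
    '/UPDATES/2010-04-01.sql',
    '/index.php',
];

foreach ($samples as $path) {
    printf("%-36s %s\n", $path, denied_by($path) ?? 'no rule matches (served)');
}
```

Because LocationMatch works on the URL rather than on the file system, the Apache documentation recommends <Directory> sections when the goal is to restrict access to files on disk.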