On Wednesday 24 October 2001 00:30, you wrote:
> What we
> really need is an expert here to give us the low-down on the best way to
> accomplish the best security given regular tools.

There isn't a way to solve it within the constraints you've mentioned (shared 
server at a hosting provider, apache, php-as-a-module)  If apache has read 
access on a file, which it has to have in order to serve it, someone else can 
get to that file via a PHP/Perl/C/whatever script/program.  Yes, you can use 
a server that has php safe_mode enabled, but that doesn't mean your scripts 
are safe -- it just means they're safe from being exploited by other php 

So, the only way to secure your PHP scripts from prying eyes (in a shared 
environment) is to upload them with group/world read permissions removed 
(i.e. chmod 700 or 600) But then Apache can't read that file either.  That's 
where php-cgiwrap comes into play as it acts as an interface between apache 
and your chmodded 600 file.

Basically, if you're on a shared server, you're either going to be buddies 
with your fellow users and trust them, or you're going to use something like 
php-cgiwrap which allows you to remove group/world read permissions and still 
 let apache read the file.

And, if security is *that* important to you, then you can, of course, use a 
dedicated server.  Then you don't have to worry about other users.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to