On Wednesday 24 October 2001 00:30, you wrote:
> What we
> really need is an expert here to give us the low-down on the best way to
> accomplish the best security given regular tools.

There isn't a way to solve it within the constraints you've mentioned (shared 
server at a hosting provider, apache, php-as-a-module).  If apache has read 
access on a file, which it has to have in order to serve it, someone else can 
get to that file via a PHP/Perl/C/whatever script/program.  Yes, you can use 
a server that has php safe_mode enabled, but that doesn't mean your scripts 
are safe -- it just means they're safe from being exploited by other php 
scripts.

So, the only way to secure your PHP scripts from prying eyes (in a shared 
environment) is to upload them with group/world read permissions removed 
(i.e. chmod 700 or 600).  But then Apache can't read that file either.  That's 
where php-cgiwrap comes into play as it acts as an interface between apache 
and your chmodded 600 file.

Basically, if you're on a shared server, you're either going to be buddies 
with your fellow users and trust them, or you're going to use something like 
php-cgiwrap which allows you to remove group/world read permissions and still 
let apache read the file.

And, if security is *that* important to you, then you can, of course, use a 
dedicated server.  Then you don't have to worry about other users.

--kurt
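
An added example, not part of the original message: a small shell audit for the permission change described above. It lists PHP files that group or other can still read and strips those bits, so 644 becomes 600 and 755 becomes 700. The function names and the sample tree are constructed for illustration, and it assumes PHP runs as the file owner (for instance through php-cgiwrap), since otherwise Apache can no longer read the files.

```shell
#!/bin/sh
# Added example: audit PHP sources on a shared host for group/world read access.
# Assumption: PHP executes as the file owner (e.g. via php-cgiwrap), so the
# web server account itself does not need read access to these files.

# List PHP files under $1 that group or other can read.
exposed_php() {
    find "$1" -type f -name '*.php' \( -perm -040 -o -perm -004 \) -print | sort
}

# Number of exposed PHP files under $1.
exposed_count() {
    exposed_php "$1" | wc -l | tr -d ' '
}

# Remove every group/other permission bit from PHP files under $1.
# Owner bits are left alone: 644 -> 600, 755 -> 700.
lock_down_php() {
    find "$1" -type f -name '*.php' -exec chmod go-rwx {} +
}

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demonstration on a constructed sample tree (not real site data).
demo() {
    tmp=$(mktemp -d)
    printf '<?php $db_pass = "constructed"; ?>\n' > "$tmp/config.php"
    printf '<?php echo "hi"; ?>\n' > "$tmp/index.php"
    chmod 644 "$tmp/config.php"
    chmod 755 "$tmp/index.php"
    echo "Readable by other local users before: $(exposed_count "$tmp")"
    lock_down_php "$tmp"
    echo "Readable by other local users after:  $(exposed_count "$tmp")"
    echo "config.php mode: $(file_mode "$tmp/config.php")"
    rm -rf "$tmp"
}

# With a directory argument, only report; without one, run the demo.
if [ $# -gt 0 ]; then
    exposed_php "$1"
else
    demo
fi
```

Run it with your document root as the argument to get the list of files other accounts on the server can read; nothing is changed unless you call lock_down_php yourself.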




-- 
PHP General Mailing List (http://www.php.net/)