On Wednesday 24 October 2001 16:42, Kurt Lieber wrote:
> On Wednesday 24 October 2001 00:30, you wrote:
> > What we
> > really need is an expert here to give us the low-down on the best
> > way to accomplish the best security given regular tools.
>
> There isn't a way to solve it within the constraints you've
> mentioned (shared server at a hosting provider, apache,
> php-as-a-module).  If apache has read access on a file, which it has
> to have in order to serve it, someone else can get to that file via
> a PHP/Perl/C/whatever script/program.  Yes, you can use a server
> that has php safe_mode enabled, but that doesn't mean your scripts
> are safe -- it just means they're safe from being exploited by
> other php scripts.
If open_basedir is set properly for each user (and safe_mode is on), 
they can't reach each others' files at least from php. Of course if 
one can write and run programs with apache's user in other 
languages (perl, c, whatever) this doesn't help much (unless they can 
be configured in a similar way).


> What about encryption?
I think the encryption just makes someone's (who wants to steal 
something) work a little harder. In order to use the encrypted data, 
you have to decrypt it in php, so your code will contain the 
enc/decryption algorithm and the keys that are used.

        Arpi

-- 
PHP General Mailing List (http://www.php.net/)
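
An added example, not part of the original message: a small audit of what "open_basedir set properly for each user" means on a shared Apache/mod_php host. The virtual hosts and paths are constructed, and the check assumes open_basedir is matched as a path prefix (as in PHP releases of that era), so a value without a trailing slash also covers sibling directories.

```python
import re

# Constructed sample httpd.conf fragment (not from the original thread).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /home/alice/www
    php_admin_flag safe_mode on
    php_admin_value open_basedir /home/alice/
</VirtualHost>
<VirtualHost *:80>
    ServerName al.example
    DocumentRoot /home/al/www
    php_admin_value open_basedir /home/al
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /home/bob/www
</VirtualHost>
"""

def directive(block, pattern):
    """Return the first value of a directive inside one vhost block, or None."""
    m = re.search(r"^\s*" + pattern + r"\s+(\S+)", block, re.M | re.I)
    return m.group(1) if m else None

def audit(conf):
    """Flag vhosts whose PHP scripts are not confined to their own tree."""
    vhosts = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        base = directive(block, r"php_admin_value\s+open_basedir")
        vhosts.append((directive(block, "ServerName"),
                       directive(block, "DocumentRoot"),
                       base.split(":") if base else []))
    findings = []
    for name, _root, bases in vhosts:
        if not bases:
            findings.append((name, "no open_basedir"))
        for b in bases:
            if not b.endswith("/"):
                findings.append((name, "prefix match: " + b))
            # Assumed prefix semantics: any other docroot starting with b is reachable.
            for other, other_root, _ in vhosts:
                if other != name and other_root.startswith(b):
                    findings.append((name, "reaches " + other))
    return findings

if __name__ == "__main__":
    for host, issue in audit(SAMPLE_CONF):
        print(host, "->", issue)
```

As the message notes, this only covers access from PHP; programs run as the Apache user in other languages are outside what open_basedir restricts.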