For a little bit more security, you could find out what user apache is running as (look in httpd.conf), and chown the file to that user:group and set permissions 400. (So that only the apache process can read the file)
However, this is not very secure, becuase a CGI script could still read your file. (Any file that is readable by the webserver is, in essence, readable by any script being executed by that webserver - which, to say the least, can be a rather large security problem) > -----Original Message----- > From: Michael Geier [mailto:[EMAIL PROTECTED]] > Subject: Re: [PHP] Access rights for php files on Linux? > > Use include files to pass your authentication information. > > <? > include('auth.php'); > ?> > > auth.php: > <? > $username="foo"; > $password="bar"; > ?> > > put auth.php in your home directory with you as owner and apache group id > as group, or create a group that contains you and apache user (probably > 'nobody'). > > $> chmod 740 /your/home/dir/auth.php > > On Wed, 19 Dec 2001, Daniel Fassnauer wrote: > > > Well, I have encounterd a problem which is quite big (for me), so I hope > > I find help here. > > My setup is a Linux Machine, running Apache with php as a module. > > In order for the webserver to parse the file, i have to give read > > permission to world. > > This is a problem, because about 100 people have shell access and could > > then just cat /www/myphpfile.php, and would thus get passwords which i > > dont want to share (like mysql password in the phpmyadmin config file) > > and general access to my code. Also, the different users on the machine > > want to be able to host php files with everyone else being able to read > > them. Is there any way i can actually do that? > > I must say that i am rather new to all this stuff, so i am really > > confused as what to do, and i would appreciate any help.. > > Thanks in advance... > > > > Daniel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
