> Thanks for the reply.  But changing the ground read permission of
> the PHP files wouldn't help, either, would it?  Because the other
> users who have web sites can just create a PHP file that reads my
> PHP files from one of their pages (which would be running in
> group "websecret").
> Seems like this just opens up the same hole.  Yes?

Yep. If your PHP script can read the file, then any PHP script can read it.
They all run as the same user. Again, this is assuming safe_mode is off. I
think there are some things you can run along with PHP (maybe only in CGI
mode) that'll stop this kind of thing from happening, though. I just don't
know what they are...Sudo or something like that ????

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to