the page with a encoder like IonCube (http://www.ioncube.com) they charge by the amount
of code, so for say, two connection lines, it's like $1.00. Check out there site, after you sign
up for an account you can select your script and the web-interface will tell you how much
it would cost to encode.
On Mon, 2003-02-03 at 10:02, Hardik Doshi wrote:
Hi everyone,
I found the same problem regarding security issue with database password file. Does anyone has solution for that?
thanks
Hardik
"John W. Holmes" <[EMAIL PROTECTED]> wrote:> Major security question:
>
> I manage a shared Linux web server running PHP 4.2.3. Apache must have
> read permissions on a php file necessary for a web application. For
> example a conf.php file containing a MySQL password that is stored
> outside the web directory:
>
> -rw-r----- 1 q apache 3522 Oct 17 06:39 conf.php
>
> Because this file is readable by apache, ANY user on the server can
write
> the following script:
>
>
>
> which upon execution the conf.php file will be read by apache and
exposed
> to the user.
>
> Example understood?
>
> How can a file be secured so it can still be used by apache, but
> inaccessable by any other user? Is there a PHP ini configuration to
force
> apache to run as the user that is the owner of the php files being
> executed?
Either turn on safe_mode or use the CGI instead of the module.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
-- Adam Voigt ([EMAIL PROTECTED]) The Cryptocomm Group My GPG Key: http://64.238.252.49:8080/adam_at_cryptocomm.asc |
signature.asc
Description: This is a digitally signed message part
