php-install Digest 23 Mar 2003 18:12:36 -0000 Issue 1302
Topics (messages 10391 through 10393):
Setting up a secure PHP environment
10391 by: Carlos Oliva G.
localhost doesn't work, but machine name does?
10392 by: Jeff D. Hamann
apache/php/mysql seems *really* slow on winxp
10393 by: Jeff D. Hamann
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Hi there all,
First of all, I'm a (somewhat) advanced PHP developer, and have a great
experience on setting it up.
I have a very serious concern about security in a multiuser PHP
virtualhosting environment.
I'm planning on setting up a free hosting for local users, using a
single server, with PHP and MySQL support.
The users sites would be managed using Apache VirtualHosts. The users
itself would be managed using a MySQL backend for ProFTPd (for providing
file uploads facilities).
However, here comes my big concern. Users could use the PHP filesystem
functions to access the other users directories, thus read the source
files and gaining inmediate access to databases passwords and other kind
of sensitive data.
I've been trying to look up a lot of alternatives in order to address
this issue; however, none of them seems satisfactory for my setup.
Is there any way to run PHP in a setuid environment for each of the
VirtualHosts defined by Apache? Has anyone already gone through this
setup which can guide me on the steps required for doing so?
Best regards,
--
Carlos Oliva G.
Igloo Sistemas Ltda.
[EMAIL PROTECTED] - http://www.igloo.cl
Tel/Fax: +56 32 684798
--- End Message ---
--- Begin Message ---
I'm having a little bit of trouble getting a script to get processed by
apache/2.0.44 (win32) PHP/4.3.1
I've got it (it meaning apache/php/mysql) installed and everything seems to
be working fine, but...
when I enter the following url into my browser i simply get the text of the
script.
http://localhost/phpinfo.php
where phpinfo is the following:
<?
phpinfo();
?>
when I enter http://toastman/phpinfo.php
I get the normal phpinfo page. When I enter http://127.0.0.1/phpinfo.php
(fine). and what do i need to add to my httpd.conf to ensure the php page
will be processed when I leave the .php extension off?
I've been running apache 1.3 / php 4.0.1 / mysql 3.x.xx for so long I
figured I should finally upgrade...
--- End Message ---
--- Begin Message ---
I've got a web project that was developed using apache 2.0.44 php 4.3.x and
mysql 4.0.11-gamma and it runs much faster on a win2k machine with P3-700
and 512MB than it does on a brnad new winxp laptop with a P4-2GHz with
512MB. The database is pretty small (about 30 MB) and I've configured
apache, php and mysql similarily on both machines.
has anyone else noticed this behavior?
jeff.
--- End Message ---
