Re: [PHP] Security question with PHP on Unix / Linux.
Ananth Kesari [EMAIL PROTECTED] wrote... : Thanks for your inputs. Will proceed from here. Well, if you did not know, NetWare is an operating system brought out by Novell. I know :) We are working on porting PHP onto NetWare. In fact, we already have ported PHP 4.2.3 onto NetWare and we have synched up our souces for the 4.3 branch. Interesting. Are you working with the php-dev team or on your own? -- Maxim Maletsky [EMAIL PROTECTED] Maxim Maletsky [EMAIL PROTECTED] 02/04/03 08:45PM Ananth Kesari [EMAIL PROTECTED] wrote... : I am working on porting PHP onto NetWare. What exactly do you mean? I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. From PHP's point of view, every PHP process will run as apache's process, with apache's user. Most often `nobody' or `apache'. Do they get to login into the Unix / Linux system? No. Do they have separate data space for each user? No. Only sessions, if you use them. Sessions have their own unique IDs and are stored in a certain directory by default. A database solution can also be implemented. What is the API that is used to login to Unix / Linux. There is no login to the Unix / Linux. You might write one on your own, if you wish, but that would be your thing. PHP as it is, logs nobody to the Linux, it runs everybody's request as Apache's user. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Whatever inputted to the broswer, is send to your script. Stays up to you to decide what to do with the user/pass. Basically, you would usually store the credentials in a database and then authenticate the users against the database, not Linux Shell itself. Since I am a newbie, I may have misunderstood some concepts here. Most of them. PHP is a programming language, not a shell interface or something. Stays up to you what to do once user runs your PHP script. -- Maxim Maletsky [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security question with PHP on Unix / Linux.
Hi, I am working on porting PHP onto NetWare. At this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. Do they get to login into the Unix / Linux system? Do they have separate data space for each user? What is the API that is used to login to Unix / Linux. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Your help in this is appreciated. Thanks, Ananth. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Security question with PHP on Unix / Linux.
Hi, I mailed this earlier, but got no response. Maybe it went unnoticed. So, resending it again. Please read below. Your help in this is appreciated. Thanks, Ananth. Hi, I am working on porting PHP onto NetWare. I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. Do they get to login into the Unix / Linux system? Do they have separate data space for each user? What is the API that is used to login to Unix / Linux. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Since I am a newbie, I may have misunderstood some concepts here. Can someone help me in understanding this correctly? Also, can you point me to any documentation on PHP security on Unix systems. I want some in-depth technical stuff upto what calls are made etc. Your help in this is appreciated. Thanks, Ananth. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question with PHP on Unix / Linux.
Ananth Kesari [EMAIL PROTECTED] wrote... : I am working on porting PHP onto NetWare. What exactly do you mean? I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. From PHP's point of view, every PHP process will run as apache's process, with apache's user. Most often `nobody' or `apache'. Do they get to login into the Unix / Linux system? No. Do they have separate data space for each user? No. Only sessions, if you use them. Sessions have their own unique IDs and are stored in a certain directory by default. A database solution can also be implemented. What is the API that is used to login to Unix / Linux. There is no login to the Unix / Linux. You might write one on your own, if you wish, but that would be your thing. PHP as it is, logs nobody to the Linux, it runs everybody's request as Apache's user. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Whatever inputted to the broswer, is send to your script. Stays up to you to decide what to do with the user/pass. Basically, you would usually store the credentials in a database and then authenticate the users against the database, not Linux Shell itself. Since I am a newbie, I may have misunderstood some concepts here. Most of them. PHP is a programming language, not a shell interface or something. Stays up to you what to do once user runs your PHP script. -- Maxim Maletsky [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question with PHP on Unix / Linux.
Ananth, For starters, you are probably on the wrong list - the PHP developers list is probably where you should be asking this question. Second, PHP runs through the web server, so the user is the same user the web server, usually nobody, although that depends on the how the web server is installed. No one is encouraged to all access to the underlying system through the web server, although the exec() function allows execution of some commands. I can't help you much more than that, and I believe the other list will be more fruitful. Regards - Miles Thompson At 07:54 AM 2/4/2003 -0700, Ananth Kesari wrote: Hi, I mailed this earlier, but got no response. Maybe it went unnoticed. So, resending it again. Please read below. Your help in this is appreciated. Thanks, Ananth. Hi, I am working on porting PHP onto NetWare. I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. Do they get to login into the Unix / Linux system? Do they have separate data space for each user? What is the API that is used to login to Unix / Linux. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Since I am a newbie, I may have misunderstood some concepts here. Can someone help me in understanding this correctly? Also, can you point me to any documentation on PHP security on Unix systems. I want some in-depth technical stuff upto what calls are made etc. Your help in this is appreciated. Thanks, Ananth. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question with PHP on Unix / Linux.
--- Miles Thompson [EMAIL PROTECTED] wrote: Ananth, For starters, you are probably on the wrong list - the PHP developers list is probably where you should be asking this question. Please do not go around saying this. We have enough problems with these types of posts winding up on php-dev as it is. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question with PHP on Unix / Linux.
Thanks for your inputs. Will proceed from here. Well, if you did not know, NetWare is an operating system brought out by Novell. We are working on porting PHP onto NetWare. In fact, we already have ported PHP 4.2.3 onto NetWare and we have synched up our souces for the 4.3 branch. Thanks, Ananth. Maxim Maletsky [EMAIL PROTECTED] 02/04/03 08:45PM Ananth Kesari [EMAIL PROTECTED] wrote... : I am working on porting PHP onto NetWare. What exactly do you mean? I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. From PHP's point of view, every PHP process will run as apache's process, with apache's user. Most often `nobody' or `apache'. Do they get to login into the Unix / Linux system? No. Do they have separate data space for each user? No. Only sessions, if you use them. Sessions have their own unique IDs and are stored in a certain directory by default. A database solution can also be implemented. What is the API that is used to login to Unix / Linux. There is no login to the Unix / Linux. You might write one on your own, if you wish, but that would be your thing. PHP as it is, logs nobody to the Linux, it runs everybody's request as Apache's user. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Whatever inputted to the broswer, is send to your script. Stays up to you to decide what to do with the user/pass. Basically, you would usually store the credentials in a database and then authenticate the users against the database, not Linux Shell itself. Since I am a newbie, I may have misunderstood some concepts here. Most of them. PHP is a programming language, not a shell interface or something. Stays up to you what to do once user runs your PHP script. -- Maxim Maletsky [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Security question with PHP on Unix / Linux.
Thanks for your inputs. Will proceed from here. Well, I first posted this query on this list. But seeing no response, I thought probably it should have gone into PHP-dev list. When I posted there, I was discouraged to post such mails there. So, I came back to the general list. Thanks, Ananth. Miles Thompson [EMAIL PROTECTED] 02/04/03 08:32PM Ananth, For starters, you are probably on the wrong list - the PHP developers list is probably where you should be asking this question. Second, PHP runs through the web server, so the user is the same user the web server, usually nobody, although that depends on the how the web server is installed. No one is encouraged to all access to the underlying system through the web server, although the exec() function allows execution of some commands. I can't help you much more than that, and I believe the other list will be more fruitful. Regards - Miles Thompson At 07:54 AM 2/4/2003 -0700, Ananth Kesari wrote: Hi, I mailed this earlier, but got no response. Maybe it went unnoticed. So, resending it again. Please read below. Your help in this is appreciated. Thanks, Ananth. Hi, I am working on porting PHP onto NetWare. I am newbie to Unix / Linux systems and at this point of time, I am trying to understand the way security is implemented for PHP on Unix / Linux. I mean, how are the different users distinguished from Unix / Linux. Do they get to login into the Unix / Linux system? Do they have separate data space for each user? What is the API that is used to login to Unix / Linux. User may enter his username and password on the browser, but how do they get translated onto the Unix / Linux box? Since I am a newbie, I may have misunderstood some concepts here. Can someone help me in understanding this correctly? Also, can you point me to any documentation on PHP security on Unix systems. I want some in-depth technical stuff upto what calls are made etc. Your help in this is appreciated. Thanks, Ananth. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php