Re: [PHP-DB] security in PHP under Apache
Check out suExec on the Apache website. Also, Apache 2 allows each virtual host to run as a different user - this alleviates some security issues. --zak - Original Message - From: Terry Romine [EMAIL PROTECTED] To: Jonathan Hilgeman [EMAIL PROTECTED] Cc: 'Simon R Jones' [EMAIL PROTECTED]; PHP-DB (E-mail) [EMAIL PROTECTED] Sent: Wednesday, May 23, 2001 1:12 PM Subject: Re: [PHP-DB] security in PHP under Apache But how do you set it so a webuser would run sudo? That sounds pretty dangerous, to me. I have a similar situation where I want PHP to create a subdirectory and set privileges to it based on the login user. I end up having to create the directory by hand via SSH and then run the php script. Terry On Wednesday, May 23, 2001, at 12:36 PM, Jonathan Hilgeman wrote: PHP runs via Apache, so it adopts the user that Apache uses, essentially. You can use a program like sudo to allow them to run certain commands on the server. Jonathan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] True and Flase in mysql !!
Use an enum field. --zak - Original Message - From: DesClub.com [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, May 10, 2001 2:43 AM Subject: [PHP-DB] True and Flase in mysql !! hi all .. What is the best way to create True\Flase field in mysql ?? - http://deslcub.com/phpLinkat/ DesClub.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] extracting login name
If you are running PHP as an Apache module, you should have access to the user authentication data as $PHP_AUTH_USER and $PHP_AUTH_PW - see the features section of the PHP manual for more information. --zak - Original Message - From: olinux [EMAIL PROTECTED] To: PHP-DB [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, April 26, 2001 1:45 AM Subject: [PHP-DB] extracting login name Hey all, I have a htpsswd protected directory and would like the client to only log on once. Is there a way i can get their USERNAME so that i can pull the correct records from the db? thanks much olinux -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] extracting login name
Quite right - thanks for the correction Paul! :) --zak - Original Message - From: Paul Burney [EMAIL PROTECTED] To: olinux [EMAIL PROTECTED]; PHP-DB [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, April 25, 2001 11:07 PM Subject: Re: [PHP-DB] extracting login name on 4/26/01 12:45 AM, olinux at [EMAIL PROTECTED] wrote: I have a htpsswd protected directory and would like the client to only log on once. Is there a way i can get their USERNAME so that i can pull the correct records from the db? IIRC, $PHP_AUTH_USER and $PHP_AUTH_PW are only set if PHP is sending the authentication. If they don't work for you, you should be able to use the environment variable $REMOTE_USER. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]