I've been thinking some more about the issue of keeping PHP
source files secure in a shared hosting environment. I've now
convinced myself that there is simply no way to protect these
files, even if safe_mode is turned on, as long as other users can
have telnet (or ssh) access to the box.
The hosting provider could probably implement a solution... Alter the FTP
configuration to automatically set the group permission to that of the web
server when you transfer files. You wouldn't need to be in the group.
You're the owner and can modify your own files. World Read access would be
try this for now.
http://pobs.mywalhalla.net/
depending on how fancy your code is it may not work. Or you'll only have
to change a few little things.
basically what it does is :
for($bob=1; $bob10; $bob++){
echo $bob;
$sam=$bob;
}
Converts above to something like
On Sunday 30 June 2002 09:52, Justin French wrote:
on 29/06/02 3:20 AM, Tamas Arpad ([EMAIL PROTECTED]) wrote:
I was thinking if you use 90 character long filenames, assuming you
only use the letters of the alphabet and the digits then you would
have 62^90 different filenames, which is
On Friday, June 28, 2002, at 06:14 PM, Lazor, Ed wrote:
The hosting provider could probably implement a solution... Alter the
FTP
configuration to automatically set the group permission to that of the
web
server when you transfer files. You wouldn't need to be in the group.
You're
Easy,
http://www.zend.com/store/products/zend-encoder.php
Dan
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 7:29 AM
To: Lazor, Ed
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Keeping Secrets in PHP Files
On Friday, June 28, 2002, at 06:14 PM
Dang. $2880 is kind of expensive! I wish they'd base licensing more on how
many copies your encoded program you sell.
-Original Message-
http://www.zend.com/store/products/zend-encoder.php
This message is
Sorry, Wrong topic.
http://www.php-encoder.com/
Looks like beta is starting soon for this, so we should see it in a little bit.
They have an option for per script charge.
You upload the file and it gives you a compiled one.
My guess it is the same thing as Zend encoder, just not as expensive.
try this for now.
http://pobs.mywalhalla.net/
depending on how fancy your code is it may not work. Or you'll only have
to change a few little things.
basically what it does is :
for($bob=1; $bob10; $bob++){
echo $bob;
$sam=$bob;
}
Converts above to something like
on 29/06/02 3:20 AM, Tamas Arpad ([EMAIL PROTECTED]) wrote:
I was thinking if you use 90 character long filenames, assuming you only
use the letters of the alphabet and the digits then you would have 62^90
different filenames, which is roughly 2E161 (2 followed by 161 zeros),
which is quite
-Original Message-
From: Peter J. Schoenster [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 29, 2002 1:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Keeping Secrets in PHP Files
Yeah, you are assuming an environment that does
not necessarily have to be. Why must one Apache
The recent thread on security has prompted me to think about
security in a shared server environment. I want to see if my
understanding is correct ...
Let's say I am in a shared server environment the provider does
NOT have safe_mode turned on. In that case, it seems to me that
it is insecure
On Friday, June 28, 2002, at 09:30 AM, Jonathan Rosenberg wrote:
Let's say I am in a shared server environment the provider does
NOT have safe_mode turned on. In that case, it seems to me that
it is insecure to keep secrets (e.g., DB passwords) in a PHP
file that is executed by the
this just opens up the same hole. Yes?
-Original Message-
From: Erik Price [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 28, 2002 9:43 AM
To: Jonathan Rosenberg
Cc: php-list
Subject: Re: [PHP] Keeping Secrets in PHP Files
On Friday, June 28, 2002, at 09:30 AM, Jonathan
Rosenberg wrote
From: Jonathan Rosenberg [EMAIL PROTECTED]
Let's say I am in a shared server environment the provider does
NOT have safe_mode turned on. In that case, it seems to me that
it is insecure to keep secrets (e.g., DB passwords) in a PHP
file that is executed by the server.
I say this because
]]
Sent: 28 June 2002 2:52 PM
To: Erik Price
Cc: php-list
Subject: RE: [PHP] Keeping Secrets in PHP Files
Thanks for the reply. But changing the ground read permission of
the PHP files wouldn't help, either, would it? Because the other
users who have web sites can just create a PHP file
Thanks for the reply. But changing the ground read permission of
the PHP files wouldn't help, either, would it? Because the other
users who have web sites can just create a PHP file that reads my
PHP files from one of their pages (which would be running in
group websecret).
Seems like
On 28 Jun 2002 at 17:54, Jonathan Rosenberg wrote:
-Original Message-
From: 1LT John W. Holmes [mailto:[EMAIL PROTECTED]]
Subject: Re: [PHP] Keeping Secrets in PHP Files
With shell access, you can't see each others
files. This is where the permissions come into
play
18 matches
Mail list logo
