On Thu, January 10, 2008 9:15 pm, Lucas Prado Melo wrote:
Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those
passwords.
What should I do to prevent users from viewing those
On Jan 12, 2008 4:12 AM, Andrés Robinet [EMAIL PROTECTED] wrote:
I guess what you are looking for is mod_suphp. STFW or ask the list, someone
will give you good hints for sure (sorry, have little time right now).
Rob
Thanks, I will take a look.
--
PHP General Mailing List
] On Behalf Of
Lucas Prado Melo
Sent: Saturday, January 12, 2008 8:50 AM
To: Andrés Robinet
Cc: php-general@lists.php.net
Subject: Re: [PHP] PHP shell commands
On Jan 12, 2008 4:12 AM, Andrés Robinet [EMAIL PROTECTED]
wrote:
I guess what you are looking for is mod_suphp. STFW or ask
Suppose we were using apache webserver.
I think obfuscation won't work since with some work a user could read
the password.
How to encrypt/decrypt the password?
On Jan 11, 2008 3:37 AM, Chris [EMAIL PROTECTED] wrote:
Not too much really.
The webserver needs to be able to read a config file.
Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?
You could encode your file(s) using something like the
Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
Why not keep them out of the web tree and inform the application
regarding the same. I am sure almost all good applications would provide
a simple way for doing it.
Daniel Brown wrote:
[SNIPPED]
Just keep in
mind that anything that can be accessed by any means is never going to
be 100% secure.
I like the the line :)
--Bipin Upadhyay,
http://projectbee.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
On Jan 11, 2008 6:58 AM, Lucas Prado Melo [EMAIL PROTECTED] wrote:
On Jan 11, 2008 9:33 AM, Bipin Upadhyay [EMAIL PROTECTED] wrote:
Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
Why not keep them out
On Jan 11, 2008 9:33 AM, Bipin Upadhyay [EMAIL PROTECTED] wrote:
Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
Why not keep them out of the web tree and inform the application
regarding the same. I am sure
On Jan 11, 2008 2:16 PM, Daniel Brown [EMAIL PROTECTED] wrote:
Make sure you change the permissions on the directory in which
uploads are saved to be non-readable by anyone (including yourself, in
case the scripts are suexec'd).
For example, if the directory in which you save uploaded
To fix this scenerio, chroot would require different apache processes
running under different users.
On Jan 11, 2008 3:46 PM, Lucas Prado Melo [EMAIL PROTECTED] wrote:
On Jan 11, 2008 2:16 PM, Daniel Brown [EMAIL PROTECTED] wrote:
Make sure you change the permissions on the directory in
Where should I look for further help about mod_php?
How do I beg to someone add a feature in mod_php?
On Jan 11, 2008 8:00 PM, Nate Tallman [EMAIL PROTECTED] wrote:
To fix this scenerio, chroot would require different apache processes
running under different users.
--
PHP General Mailing List
Lucas Prado Melo wrote:
Where should I look for further help about mod_php?
How do I beg to someone add a feature in mod_php?
On Jan 11, 2008 8:00 PM, Nate Tallman [EMAIL PROTECTED] wrote:
To fix this scenerio, chroot would require different apache processes
running under different users.
On Jan 11, 2008 9:28 PM, Jim Lucas [EMAIL PROTECTED] wrote:
What feature would you think about adding to it?
I think we should be able to set (editing httpd.conf in apache) which
folders are visible to any php script (including shell commands
written in it).
So, we could use Directory tags and
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Lucas Prado Melo
Sent: Friday, January 11, 2008 8:50 PM
To: Jim Lucas
Cc: php-general@lists.php.net
Subject: Re: [PHP] PHP shell commands
On Jan 11, 2008 9:28 PM, Jim Lucas [EMAIL PROTECTED] wrote
Lucas Prado Melo wrote:
Hello,
Some php applications store database passwords into files which can be
read by the user www-data.
So, a malicious user which can write php scripts could read those passwords.
What should I do to prevent users from viewing those passwords?
Not too much really.
16 matches
Mail list logo