First of all sorry if you have already read this on one of the other PHP Mailing Lists, the reason I am posting it in a couple of different ones is because I really do believe that many people can make use of this extenstion and I know there are people out there who need this extension because I have read post about people who are having problem hiding SQL passwords in scripts etc.
Anyway here's the message: Hi, Maybe one or two of you may have read a post a while back about a PHP security extention called Scripthash. For those of you who can't remember or don't know this extension it lets you solve the age old problem of hardcoding passwords in your PHP scripts and also makes it possible to execute scripts from PHP as a different user (or even root) safely! This extension can ONLY be used when you are using PHP as an Apache module on a Unix/Linux platform. The original version was hard to install as you would have to compile it into PHP. It also had some major bugs, the new version 0.5 has all previously known bugs fixed and some new features. Scripthash 0.5 is for PHP 4.1.x (only tested with 4.1.1) but users of PHP 4.0.x can download Scripthash 0.4 which is exactly the same but made to run with 4.0.x. The new version is very easy to install, all you need to do is either download the tarball or the RedHat Source RPM and build then install. Then add the following lines to you php.ini extension_dir=/usr/lib/php/extensions extension=scripthash.so then restart Apache. To confirm everything it is working make a script with a call to the phpinfo() function and there should now be a section called Scripthash. To use the extenstion see README.html To use some extended functionality you have to patch the PHP source code then rebuild it. This patch will give you two new PHP globals called $VIRTUAL_UID and $VIRTUAL_GID which contains the user id and the group id of the virtual server being hit, you don't have to do this but you will get more control with scripthash. Finally I'll tell you what I hope to get from posting this message, I would just like to see some interest, bug reports, suggestions, comments and maybe some well written scripthash daemons (see README.html) :). I think this is an extremely useful piece of code and it is now stable and easy to use. You can get/find out more about Scripthash at http://www.scl.co.uk/scripthash/ Sadly we have not had the time to update the documentation for this module but it is on our TODO list and in the mean time we are happy to reply to and emails you send us. Thanks for your time Tom -- *************************************************** List Client SCL Internet Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 711 888 *************************************************** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
