I'm assuming you're using mod_php. For a virtual-hosted environment,
I don't think that can be made 'secure'. You probably need to switch
to suexec and fastcgi php. That way the php scripts are run as your
user rather than the 'www' user. You might glance at this:
>
> Thanks for your reply! However, apache has to be able to
> access /a/ totally/different/path/to/db, so this means that
> any user on the same server can access it via e.g. a PHP web
> page, if they know that path, is that correct?
>
Yes, but
>
> >> In MySQL for example, this is
> Just because "apache" the user account on your compute can access the
> db, doesn't mean apache the webserver is serving that file.
>
> My webserver runs as user "www"
>
> My db is under ~/Data//database.db owned by me, but chmod-
> ed to 666
>
> The webserver serves only files under ~/Sites//
On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
> Thanks for your reply! However, apache has to be able to access
> /a/totally/different/path/to/db, so this means that any
> user on the same server can access it via e.g. a PHP web page, if they know
> that path, is that correct?
Just
Thanks for your reply! However, apache has to be able to access /a/
totally/different/path/to/db, so this means that any user on the same
server can access it via e.g. a PHP web page, if they know that path,
is that correct?
Thomas
On 22 Apr 2008, at 15:14, P Kishor wrote:
> On 4/22/08,
On 4/22/08, Thomas Robitaille <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> I am in the process of setting up a forum which uses SQLite on a web
> server which has ~50 other users. I can create a directory for the
> sqlite database, which I chown to 'apache' (the user under which the
> web
Hi everyone,
I am in the process of setting up a forum which uses SQLite on a web
server which has ~50 other users. I can create a directory for the
sqlite database, which I chown to 'apache' (the user under which the
web server is run). However, because the database is then writable by
7 matches
Mail list logo