So it involves preventing the PHP module from using files that the
initial user of the executing PHP file doesn't have permission for, that
probably DOES have to be in mod-midgard, unless the files were ALL
encrypted and the user needed the code word for each role to unencrypt
it. SLOW. OTOH, if it were done in ORACLE, then each user would have the
user permissions of their ORACLE account, sub/account and that could
block it. I wonder what the permission scheme of MySQL is by comparison.
Instead of making the server do the permissions, make the database do
it!
Dennis Gearon wrote:
>
> Sounds to me like a better permission system, written in PHP with a
> database backend would do the job? All files have to go through
> index.php, right? I guess the hole is in the execution of the uploaded
> php files, huh? THEY have lots of access, locally, just include them
> from your file and read them. HMMMMMM.
>
> Matthias Englert wrote:
> >
> > > Is there a comparison chart, like the barebones HTML
> > > doc I have quoted below, comparing Regular/Lite, Regular/LessFilling,
> > > Midgard?
> >
> > I don't think so...
> >
> > Don't forget that there is a security problem in midgard-lite. Everyone
> > who has write access can get the mysql login/password.
> >
> > I have thought a lot about this. The problem is that you can get so much
> > information in php. You can get a list of classes, of functions, of
> > class variables... you can hide nothing. I have only one idea left but
> > this one is not thought out. So it could be complete crap:
> >
> > We have public functions and private functions. Every private function
> > needs a key as parameter if you call (if the key is wrong we sleep for
> > some time or call exit).
> >
> > // private function: refuses to run unless the caller passes the key
> > function test($key, $other, $params) {
> >     /* KEY-BEGIN */ $int_key = "this would be generated by installation and maybe periodical"; /* KEY-END */
> >
> >     // strict comparison, so PHP does no type juggling on the key
> >     if ($key !== $int_key)
> >         exit;
> > }
> >
> > // public function: holds the same key and passes it on
> > function mgd_test_func($params) {
> >     /* KEY-BEGIN */ $int_key = "this would be generated by installation and maybe periodical"; /* KEY-END */
> >
> >     test($int_key, "some stuff", "goes here");
> > }
> >
> > Any thoughts?
> >
> > Of course it would be some work to change midgard-lite this way. But
> > now, Dennis, you are there... ;-)
> >
> > Matthias
> > ps: Some of the update / create / move functions and some of the more
> > "special" functions are not implemented yet.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> --
>
> If You want to buy computer parts, see the reviews at:
> http://www.cnet.com/
> **OR EVEN BETTER COMPILATIONS**!!
> http://sysopt.earthweb.com/userreviews/products/
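
The idea of letting the database enforce permissions, sketched for MySQL as an added example that is not part of the original thread. The `cms` schema, the `article` table and the accounts `alice` and `reader` are hypothetical, the passwords are placeholders, and it assumes a MySQL version with views and `CREATE USER` (5.0 or later).

```sql
-- Added example; every schema, table and account name here is hypothetical.
-- One MySQL account per user instead of a single login shared by all PHP code,
-- so a credential read out of a script is worth only that user's grants.
CREATE DATABASE IF NOT EXISTS cms;

CREATE TABLE IF NOT EXISTS cms.article (
  id    INT AUTO_INCREMENT PRIMARY KEY,
  owner VARCHAR(32)  NOT NULL,   -- MySQL account name of the author
  title VARCHAR(255) NOT NULL,
  body  TEXT
);

-- Placeholder passwords; generate a distinct one per account at install time.
CREATE USER 'reader'@'localhost' IDENTIFIED BY '<reader-password>';
CREATE USER 'alice'@'localhost'  IDENTIFIED BY '<alice-password>';

-- Table-level privilege: the read-only account can SELECT and nothing else.
GRANT SELECT ON cms.article TO 'reader'@'localhost';

-- MySQL grants stop at table and column level; there is no per-row grant.
-- A view filtered on the connecting account supplies the row-level scoping.
-- Inside a DEFINER view, USER() is still the session's own login, whereas
-- CURRENT_USER() would return the account that defined the view.
CREATE SQL SECURITY DEFINER VIEW cms.my_article AS
  SELECT id, owner, title, body
  FROM cms.article
  WHERE owner = SUBSTRING_INDEX(USER(), '@', 1)
  WITH CHECK OPTION;             -- rejects writes that set owner to someone else

-- An author works only through the view and has no grant on the base table.
GRANT SELECT, INSERT, UPDATE, DELETE ON cms.my_article TO 'alice'@'localhost';

-- Review what each credential would be worth if it leaked.
SHOW GRANTS FOR 'reader'@'localhost';
SHOW GRANTS FOR 'alice'@'localhost';
```

The account that creates the view needs its own privileges on `cms.article`, because a `DEFINER` view runs with the definer's rights.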