Dennis Gearon wrote: >In the 'bare bones' system that you described, is it possible for the >sysop to set up php, running as the apache user, to execute, (i.e. >include/require) a script, but to not be able to read it? > >Or, by some means, to include it, but since it is in the user's account >but out of the web tree, not be able to read it into a variable? > unfortuntaly not (AFAIK), even it that was possible, you would then have to hide the 'midgard classes, which hold the password', and since they are needed by the running program, its a bit difficult anyway...
as I say, the only way is to use some kind of socket connection to a application server running on the current machine : eg. srm - which does all this stuff... in the bare bones scenario - it is assumed that you would probably want to use a standard midgard on a staging server (eg. at home or in the office on vmware or linux), then dump the database onto the live 'midgard-lite' server - where the midgard lite one would probably have no write access to the database... regards alan > > >Matthias Englert wrote: > >>>as far as security in [a] - midgard lite's security is about as good as >>>it's going to get :) >>> >>You're disillusion me Alan ;-) >> >>But of course your right - most likely. I should learn to listen to you >>:-) >> >>Matthias >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
