The directory protection is part of php's safe_mode stuff, have a look under php and security in the php manual.
There are 4 ways currently to enhance security on php/midgard:

1. run midgard as is with php safe mode vars (if you look _waaaaaay_ back in the archives I posted a short summary of recommended safe mode vars) - you should be able to specify which virtual host has access to which directories etc...... although beware that unless you have the latest mysql it is possible to get around that by doing mysql INCLUDE FILE (or something similar)

2. run it as php-cgiwrap'ed, this will change the running cgi to the user's identity (rather than apache), this method only really works with midgard-lite. - it does allow 1 midgard environment for each user, just ensure that the apache user does not have write access anywhere, you should be ok..

3. attempt to get it running with apache 2.0 which will run different virtual domains under different user identities AFAIK. (not tested though)

4. use a chroot jail type environment - means that you will run 1 apache master process per user running in their own chroot environment (most difficult to set up, but probably the most secure) AFAIK this also requires 1 ip per user..

AFAIK the reason why zope can do this, is that it is actually running its own web server, which effectively does what apache2.0 does.

The attitude from the php developers is pretty much leave this part up to apache, duplicating the resources of building a really secure web server is not their goal, and I think apache may have a few more resources.........

regards
alan

Dennis Gearon wrote:

>However, the Zope project still supplies the security necessary to keep
>uploaded python scripts from writing out of the directories they have
>permission for, or accessing the database through anywhere but the
>objects provided.
>
>From what emiliano says, MGD-Lite will not protect directories from the
>scripts of others after they are uploaded.
>
>Henri Bergius wrote:
>
>>On Mon, 2002-03-25 at 21:20, Dennis Gearon wrote:
>>
>>>Zope has the ability to put the entire executable in the cgi-bin
>>>directory of the user's account. It has a stripped down version of
>>>python, and the permissions/database engine of zope in it.
>>>
>>You should be able to do the same by using Midgard-lite,
>>which is a pure PHP port of Midgard. You'll find it from:
>>
>>http://cvs.midgard-project.org/midgard/midgard-lite/
>>
>>Of course you need a MySQL database and PHP on the server, but
>>many ISPs provide these.
>>
>>/Bergie
>>
>>--
>>Henri Bergius [EMAIL PROTECTED]
>>Consultant Partner Tel: +358-20-198 6032
>>Nemein Solutions Oy http://www.nemein.com
>>
>>Nadmin Studio and Midgard support at 0600-1-2552 available for Finnish
>>customers.
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
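An added illustration of option 1 above, not part of the original message or of Midgard: a small Python check that reads per-virtual-host PHP settings from an Apache config and reports hosts left outside safe mode or whose open_basedir reaches another host's DocumentRoot. The hostnames, paths and function names are assumptions made for the example, and the matching models PHP 4, where an open_basedir entry without a trailing slash is treated as a string prefix.

```python
import re

# Constructed httpd.conf fragment; hostnames and paths are made up.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName bob.example.org
    DocumentRoot /home/bob/www
    php_admin_flag safe_mode On
    php_admin_value open_basedir /home/bob
</VirtualHost>
<VirtualHost *:80>
    ServerName bobby.example.org
    DocumentRoot /home/bobby/www
    php_admin_flag safe_mode On
    php_admin_value open_basedir /home/bobby/www/:/home/bobby/tmp/
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example.org
    DocumentRoot /home/carol/www
</VirtualHost>
"""

def directive(body, *words):  # argument of an Apache directive, or ""
    pat = r"^\s*" + r"\s+".join(map(re.escape, words)) + r"\s+(.+?)\s*$"
    m = re.search(pat, body, re.M | re.I)
    return m.group(1) if m else ""

def allows(entry, path):
    # Assumption: PHP 4 semantics, where an open_basedir entry is a string
    # prefix unless it ends in "/", so "/home/bob" also covers "/home/bobby".
    return (path.rstrip("/") + "/").startswith(entry)

def audit(conf):
    """Map each ServerName to its findings; an empty list means confined."""
    hosts = [(directive(b, "ServerName"), directive(b, "DocumentRoot"),
              directive(b, "php_admin_flag", "safe_mode").lower() == "on",
              [d for d in directive(b, "php_admin_value", "open_basedir").split(":") if d])
             for b in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)]
    report = {}
    for name, _root, safe, dirs in hosts:
        found = [] if safe else ["safe_mode off"]
        found += [] if dirs else ["no open_basedir"]
        found += ["can reach " + other for other, oroot, _, _ in hosts
                  if other != name and any(allows(d, oroot) for d in dirs)]
        report[name] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

safe_mode was removed in PHP 5.4, so on current PHP only the open_basedir part of this check still applies.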
