[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Where to put PHP database connection info fileon RaQ3?

Subject: RE: [cobalt-users] Where to put PHP database connection info fileon RaQ3?
From: "Clark E. Morgan" <cmorgan@xxxxxxxxxxxxxxxxx>
Date: Thu Nov 1 19:42:34 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> "Marco Baurdoux" <linux@xxxxxxxxxxxxx> wrote:
> > put the file outside of the web directory and create a file
> with only read
> > privileges for the owner of the PHP script !!
>
> If you're implying that will prevent others from reading the file, you're
> correct.  However, I'm afraid that your solution will only work if PHP is
> being run as a CGI instead of as an Apache module.  When run as an Apache
> module, the file needs to be readable by user httpd (user Apache runs as),
> otherwise PHP can't access the file.  <frown>

PHP installed and run as a dso can read and write any appropriately
permissioned file placed anywhere on the system. The new version of
Phorum does this by default and I've modified phpMyAdmin to behave
similarly, as well as all my original work.

There's a very good article about this process and how it can be used to
secure the installation of php and php apps at:

http://www.onlamp.com/lpt/a/php/2001/03/29/php_admin.html

Clark E. Morgan

Follow-Ups:
- Re: [cobalt-users] Where to put PHP database connection info fileon RaQ3?
  - From: Steve Werby

Prev by Date: Re: [cobalt-users] Site name change causing havoc with Webalizer stats
Next by Date: Re: [cobalt-users] [RAQ4r] Deleted domain disappears when I try to re-add it...
Previous by thread: Re: [cobalt-users] Repost - MySQL ver. and ASP Question
Next by thread: Re: [cobalt-users] Where to put PHP database connection info fileon RaQ3?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index