|
|
Posted by TheTeapot on 10/25/06 07:27
Sorry, I meant to include a few extra things in that last email that I
thought of after sending. (as I generally always do)
#1: It's a Mac OS X system.
#2: I'll be installing the PHP build "Entropy" by Marc Liyanage.
#3: I generally get on quite well with him, I just need to convince him
that PHP when running as (www) user can't do anything dangerous.
Is there some obvious document which says all of this (which us
developers know automatically)?
Those who can't do something, teach it!
Erwin Moller wrote:
> TheTeapot wrote:
>
> > I have been using PHP for several years now, but I have been given a
> > project at my High School which has recently set up a web server, which
> > I would love to use PHP with (and Smarty, but that's a different
> > matter).
> >
> > The only problem is that I need to convince the Head Teacher of
> > Computing that it's a good idea to install PHP. His main concern is
> > that a student will be able to download a script off the Internet and
> > use it to look at other user's documents, steal passwords, etc..
> >
> > Any ideas as to what I can tell him?
>
> Tell him to learn what file permissions and users are.
> A PHP script runs as a certain user (often apache or www-data or nobody),
> and thus PHP has the rights of that user.
> So running PHP is no different from having more users on the same system.
> If you store a file in your private home directory, and you decide to give
> the world read/write permissions on that file, anybody can read/change it.
>
> This is a matter of good usermanagement, and educated users. PHP has nothing
> to do with that.
>
> Tel him that.
>
> Also, what OS are we talking about? Some *nix or W$? If the latter, don't
> mind talking about security, the number of patches (to patch rootaccess)
> for W$ released indicated that W$ will never be anywhere near secure in the
> near future.
>
> If he doesn't listen, ask him for detailed arguments, and post them here. I
> am sure somebody will help you to make your case for the sake of PHP.
> :-)
>
> Regards,
> Erwin Moller
Navigation:
[Reply to this message]
|