You are here: Re: [PHP] protect password? « PHP « IT news, forums, messages
Re: [PHP] protect password?

Posted by David Tulloh on 10/21/07 11:31

Richard Lynch wrote:

>On Fri, November 4, 2005 5:44 pm, Pablo Gosse wrote:
>
>
>>By setting the file readable only by root this problem is completely
>>eliminated. Unless a hacker has the root password, they will not be
>>able to compromise the information in this file.
>>
>>This is how I understand it, at least. If Chris reads this perhaps he
>>can confirm this for me?
>>
>>
>
>If only 'root' can read the file, and PHP can read the file (IE, your
>script still works) then you have HUGE problems, because your PHP
>script, and all of Apache, is running as 'root'...
>
>

I think you've missed the trick of the method. The file is included
into the Apache config, not into php.
So Apache reads the file before it lowers itself to the http user. This
means that PHP can't read the file, but it can still get the information
via Apache.

Further, the file doesn't have to be readable only by root, just not
readable by the http user.
So owning the file personally and putting -rw------- permissions on it
should be sufficient, and achievable on a shared host.

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация