Posted by Richard Collyer on 05/04/05 20:56
disguised.jedi@gmail.com wrote:
> I'd make a script that went through the httpd.conf file with DOM and
> pulled out all the virtual hosts. Either that or looked at the home
> directory listings for each site. If this is what you were getting at
> (seeing as you mentioned root access and what-not), then read the next
> paragraph. If not, you can skip the next paragraph.
>
> This is quite a dangerous thing to do. Giving PHP root access to your
> server is like giving a homeless guy your credit card. Anyone can
> access the resources that PHP uses if they try hard enough. You might
> as well just hand every hacker on the web a little Post-It note with
> your root password on it.
Indeed it is. Why don't you have the httpd.conf, then the virtual domains
in another file (which is included into the httpd.conf)? You can then
use a cron to copy this (the vir doms) to another file (say the dir
above webroot) and chown it to www:www for use with Apache. PHP can then
read this and parse the ServerNames without having it read the root dirs or
giving it special access rights.
Cheers
Richard
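
The arrangement described in the reply above, as an added example that is not part of the original post: a script run from root's crontab publishes a read-only copy of the vhosts include file outside the webroot, and a helper lists its ServerName values the way the PHP side would. The script name, the paths in the usage comment and the sample hosts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the www:www owner are
# assumptions based on the post's wording.

# publish_vhosts SRC DEST [OWNER]
# Run as root from cron. Copies the vhosts include file to DEST (outside the
# webroot) so the web server user can read it without any access to SRC.
publish_vhosts() {
    src=$1 dest=$2 owner=${3:-}
    [ -f "$src" ] && [ ! -L "$src" ] || { echo "bad source: $src" >&2; return 1; }
    # Build the copy next to DEST, then rename it into place, so a reader
    # never sees a half-written file.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 0440 "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# list_server_names FILE
# Print each ServerName value once, lowercased. Commented-out lines and all
# other directives are ignored.
list_server_names() {
    awk 'tolower($1) == "servername" && NF >= 2 { print tolower($2) }' "$1" | sort -u
}

# Constructed sample input for a dry run that does not touch real config.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /home/example/public_html
</VirtualHost>
# ServerName disabled.example.org
<VirtualHost *:80>
    servername Shop.Example.net
</VirtualHost>
EOF
}

# Cron usage (assumed paths):
#   publish.sh /usr/local/etc/apache/vhosts.conf /usr/local/www/vhosts.conf www:www
if [ "$#" -ge 2 ]; then publish_vhosts "$@"; fi
```

The published copy is mode 0440, so the web server user can read the host list but a compromised PHP script cannot rewrite it.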