Posted by Schraalhans Keukenmeester on 04/29/06 10:53

Gordon Burditt wrote:
>>I'm designing a survey form page that will be fairly complex and am
>>becoming confident enough with PHP now to tackle most things.
>>(Thanks to everyone here who has helped)
>>
>>Before I go too far with this I was wondering if anyone could perhaps
>>offer advice or point me to any documents/web pages that could help with
>>ensuring the security of the form/page and site. It is likely that the
>>form will come under attack I expect.
>>
>>Even comments about the best chmod settings are welcome.
>
>
> PHP pages (with an Apache PHP-module setup) have to be world-readable,
> for Apache/PHP to use them.

Not true, at least not on my FC4 box. I have my html & php files all set to:

-rw-r----- 1 root apache 33 Apr 20 05:24 example.php
-rw-r----- 1 root apache 817 Mar 06 11:32 index.html

and they are served up nicely.
All directories in the docroot tree are set to

drwx-r-x--- 2 root apache 4096 Mar 06 11:41 css
drwx-r-x--- 2 root apache 4096 Mar 06 11:41 PHP
drwx-r-x--- 2 root apache 4096 Mar 06 11:43 images

Sh.

• Next in forum: How to make it shorter and better?
• Prev in forum: Re: Why cannot send the MIME html e-mail to gmail?
• Thread view: Re: Looking for general advice on security

[Reply to this message]