Posted by Erwin Moller on 10/25/06 07:19

TheTeapot wrote:

> I have been using PHP for several years now, but I have been given a
> project at my High School which has recently set up a web server, which
> I would love to use PHP with (and Smarty, but that's a different
> matter).
>
> The only problem is that I need to convince the Head Teacher of
> Computing that it's a good idea to install PHP. His main concern is
> that a student will be able to download a script off the Internet and
> use it to look at other user's documents, steal passwords, etc..
>
> Any ideas as to what I can tell him?

Tell him to learn what file permissions and users are.
A PHP script runs as a certain user (often apache or www-data or nobody),
and thus PHP has the rights of that user.
So running PHP is no different from having more users on the same system.
If you store a file in your private home directory, and you decide to give
the world read/write permissions on that file, anybody can read/change it.

This is a matter of good usermanagement, and educated users. PHP has nothing
to do with that.

Tel him that.

Also, what OS are we talking about? Some *nix or W$? If the latter, don't
mind talking about security, the number of patches (to patch rootaccess)
for W$ released indicated that W$ will never be anywhere near secure in the
near future.

If he doesn't listen, ask him for detailed arguments, and post them here. I
am sure somebody will help you to make your case for the sake of PHP.
:-)

Regards,
Erwin Moller

[Back to original message]