|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Sander Steffann (steffann
nederland.net)Date: Fri Jul 06 2001 - 03:25:13 CDT
Hi,
> Usually the Webserver is able to read the sources of the PHP
> scripts. PHP scripts may include passwords for database access.
> Since PHP is usually mod_php and not suexec'd, this seems to be a
> common problem. With account to such databases really important
> damage could be done!
It's possible to protect yourself against this. PHP has an so-called
open_basedir restriction, with which you can specify the directories that a
script is allowed to access. You can set a different restriction for every
VirtualHost.
Sander.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]