Andrew Hutchings wrote:
> In article
> <[EMAIL PROTECTED]>quickshift
> [EMAIL PROTECTED] ("Nathan Nobbe") wrote:
> 
>>  this is getting good; i want to know why it's *flawed* now too.
>>  
>>  no pressure :)
>>  
> 
> OK, well, for example page 3 of the book suggests making PHP output
> errors into Apache's error_log.  To do this on Linux it means PHP
> would have to be run as root.

huh? funny thing is that on all the machines I work with Apache runs under
its own user (apart from at start up when it briefly runs as root before
switching), I run php as an Apache module (I'm assuming we're not talking
about php cli given that we're mentioning Apache), this means php is running
in the context of the apache user ... and btw is quite capable of logging to
the Apache error_log

running php as a CGI probably means you can't have php (which is probably
running in the context of the site owners' user account) log to the general
apache error_log but in such cases I would assume that the server
configuration included error and access logging on a per (v)host basis.

seems like you're spreading FUD - I doubt Chris Shiflett is perfect and I'm
sure he's probably made a few security mistakes of his own but your current
example is not one of them AFAICT.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php