No, no and no.

You can chown the whole directory with its contents to a specific user
using that directory. In this way no cd is possible.

This should be done automatically when creating user accounts. There is
even software to do that - it creates a directory, user and group for you,
adds a vhost and reboots Apache. This kind of thing is easy to avoid by
organizing permission rules between server users.

Sincerely, 

 Maxim Maletsky
 Founder, Chief Developer
 PHPBeginner.com (Where PHP Begins)
 [EMAIL PROTECTED]
 www.phpbeginner.com



-----Original Message-----
From: Kittiwat Manosuthi [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 17, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: [PHP] way to protect .php file


In a virtual hosting environment, even though a directory's permission is
set to 751, you still need to leave world-readable permission on each
individual PHP file that is to be read from a browser.  In a scenario
where there's another user on the same server who can guess (or even
get, from the URL) the names of PHP files, he can simply: cd
/home/user1/html; more thatfile.php.  If thatfile.php contains the
username/pwd to a db, this can lead to a compromise of that db.
Moreover, many times the db name is the same as the username, and the db
pwd is the same as the user password!

Is there any way one can protect this?

Thanks
-kittiwat



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
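
An added example, not part of the original thread: a POSIX shell function that audits a document root for the condition described in the question, PHP files that are world-readable and sit under directories other local accounts can traverse. The function name `exposed_php` is an assumption, and only directories from the given root downward are checked.

```shell
#!/bin/sh
# exposed_php ROOT
# Print every *.php file under ROOT that an unrelated local account could
# read: the file has o+r AND every directory from ROOT down to it has o+x
# (the 751 directory plus world-readable file case from the thread).
# Assumption: ROOT is a directory other than "/"; parents above ROOT are
# not inspected, so pass the highest directory you control.
exposed_php() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Candidate files: readable by "other".
    find "$root" -type f -name '*.php' -perm -004 |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        reachable=yes
        # Walk upward to ROOT; one directory without o+x blocks access.
        while :; do
            if [ -z "$(find "$dir" -prune -perm -001)" ]; then
                reachable=no
                break
            fi
            [ "$dir" = "$root" ] && break
            dir=$(dirname "$dir")
        done
        if [ "$reachable" = yes ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Run as a script: ./audit.sh /home/user1/html
if [ "$#" -gt 0 ]; then
    exposed_php "$1"
fi
```

An empty result means no PHP source under the root is reachable by other accounts through plain file permissions; whether the web server can still read the files then depends on which user or group it runs as.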
