Hi I have a server with multiple users, each with user space that may contain a public_html directory. The main site also has a web page, but I'm having trouble configuring PHP securely.
Anyone with access to PHP can write a script to find and print out any file in the main page, and one of these files may contain secure information, like passwords etc. It seems that the only way to get around this is to use php in cgi-bin mode. What I want to do is make this transparent to users, so that they don't need to make their files executable and put the #!/usr/bin/php4 -q on the top of each php file. If I can make it so they don't even realise that they're using cgi-bin php, then that's perfect. Is there any way I can do this? I'm using php 4.2.x with apache 1.3.x on top of Debian GNU/Linux potato/stable. Thanks --jaa -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
