On 28 Jun 2002 at 17:54, Jonathan Rosenberg wrote:

> -----Original Message-----
> > From: 1LT John W. Holmes [mailto:[EMAIL PROTECTED]]
> > Subject: Re: [PHP] Keeping "Secrets" in PHP Files
> 
> > With shell access, you can't see each other's
> > files.  This is where the permissions come into
> > play, because you are logged into the box as a
> > specific user, you can only access your files.
> > If I change the permissions on my files, you can't see them.
> 
> I've been thinking some more about the issue of keeping PHP
> source files secure in a shared hosting environment.  I've now
> convinced myself that there is simply no way to protect these
> files, even if safe_mode is turned on, as long as other users can have
> telnet (or ssh) access to the box.

snip

> I hope wrong.  Can anyone find the hole in my reasoning?

Yeah, you are assuming an environment that does not necessarily have to be. Why must
one Apache server serve all users? Simply because that's the easiest way to do it
right out of the box?  You have 2 scenarios as I see it:

1. Your own box -- no troubles other than the obvious
2. Virtual Server - One Apache for all users ... seems insecure
3. Virtual Server - One Apache for EACH user ... seems quite secure and experience confirms.


> http://www.freevsd.org/

> freeVSD is an advanced web-hosting platform for ISPs, educational
> institutions and other large organisations. It allows multiple Virtual
> Servers to be created on a single hosting server, each with a truly
> separate and secure web-hosting environment. This reduces an ISP's
> hardware outlay and also lowers the cost of support due to delegated
> administration. 
> 
> Distributed under the GPL, freeVSD comes complete with a documented
> administration protocol and an open-source web-based administration
> system. 

That pretty much describes the server I've used at the company once known as iserver
which was bought by Verio and Verio used much of their website but renamed it to
viaverio.com (was iserver.com). It looks like they've done the same thing with Oracle.
The above people have done it with Linux. I've only used iserver for 7 years now at
3 different companies but that freeVSD really looks good.

If someone is using Joe's 4.95 a month hosting solution ... well, what the heck do they expect?

Peter






-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
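
An added example, not part of the original message: a Python sketch that audits a docroot for the difference between the "one Apache for all users" and "one Apache for EACH user" layouts listed above, by applying the POSIX owner/group/other read check to each PHP file. The uids, the `config.php` file and its contents are constructed for illustration, and directory search permissions are ignored for brevity.

```python
import os
import stat
import tempfile

def can_read(st_mode, st_uid, st_gid, uid, gids):
    """POSIX read check for a non-root account: owner bits, else group, else other."""
    if uid == st_uid:
        return bool(st_mode & stat.S_IRUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IRGRP)
    return bool(st_mode & stat.S_IROTH)

def exposed_php_files(docroot, web_uid, web_gids):
    """PHP files the web server account can read without owning them.
    Under one shared Apache, every customer's script runs as web_uid,
    so each file listed here is readable by the other customers' scripts."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            if web_uid != st.st_uid and can_read(
                    st.st_mode, st.st_uid, st.st_gid, web_uid, web_gids):
                hits.append(path)
    return sorted(hits)

def demo():
    """Constructed docroot with one config file, checked in both layouts."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "config.php")
        with open(cfg, "w") as f:
            f.write("<?php $db_password = 'example'; ?>\n")
        owner = os.stat(cfg).st_uid
        shared_web_uid = owner + 1  # hypothetical shared Apache account
        os.chmod(cfg, 0o644)  # shared Apache needs "other" read to serve the file
        shared = exposed_php_files(root, shared_web_uid, set())
        os.chmod(cfg, 0o600)  # per-user Apache runs as the owner, so 0600 is enough
        per_user = exposed_php_files(root, owner, set())
        still_served = can_read(stat.S_IFREG | 0o600, owner, 0, owner, set())
        return [os.path.basename(p) for p in shared], per_user, still_served

if __name__ == "__main__":
    print(demo())
```
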
