>> Be warned that if PHP can delete them, so can anybody else on the shared >> server who wants to write a PHP script to delete them, unless you've >> configured PHP specially to run as a specific user, which is unlikely for >> most ISP setups. > >How can PHP be configured to run as a specific user? I'm referring to a >DSO installation, where I assume that because PHP is 'part' of Apache, it >would be the same user as Apache.
Apache 2.0 allows that... Meanwhile, in *CURRENT* ISP-land :-) Some ISPs give you *BOTH* Apache as Module (DSO) and as CGI via suExec, using different extensions. So for those really critical security pages that need to run as you, use the .phpcgi (or whatever) extension and leave the rest as "normal" .php Actually, I don't even know what the extension is that does .phpcgi on my servers, I just use the ForceType directive to set the mime-type. It's nice to be able to run a PHP script as "me" when I have to instead of as "nobody" Very nice. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
