Dear Bill Leonard, Once you wrote about "[PHP] In a shared environment...": > Relative newbie here, and I am just coming to grips with something that I > think is a very bad thing... Please tell me I am wrong. > > When using PHP, it is the Apache user that actually performs things, and > therefore needs permissions. For example, if I want to write data to a file, > I have to chmod o+w the directory it's in to get that to happen.
You can use PHP not only in combination with web server (like Apache), but also as a standalone compiler/interpreter (/usr/bin/php). > The trouble with this, is a shared environment, doesn't this give anyone who > can use PHP on your system the ability to write over any other user's file > if they know the name of it? Am I missing something fundamental here? If you are using PHP as a standalone tool there is no problem with this. On the other hand, if you do web development, then you do not usually write to files. You use database. If there is something you absolutely HAVE to write to file, then you can use /tmp directory for that purposes. -- Best regards, Leonid Mamtchenkov, RHCE System Administrator Francoudi & Stephanou Ltd. BOFH: It's stuck in the Web. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
