I recently just started using PHP. While it is easy to use, there are some
very frightening security issues that I can't believe more people aren't
complaining about.  Security issues that should scare any sane programmer
from using PHP. For instance, PHP scripts have to be world readable.  Which
means that anyone who hard coded in a username and password to their mysql
database is putting their database at risk.

Any other user with an account on the system has the ability to read
another person's PHP source.  They could then gain access to their MySQL
account.  Even dumb hackers can do this exploit. One other thing I've
noticed is that in order for PHP to write to a text file, that text file has
to be world writeable and world readable.  That's crazy.

I do not want my PHP pages to be world readable.  I would like SuEXEC to
work with PHP like it does for PERL.

I have looked around the web and have yet to find a good tutorial on how to
enable SuEXEC to work with PHP.  I think it would benefit the PHP community
if someone could come up with a clear, concise, easy to read tutorial
explaining how to do this.  The link to this tutorial, when it is written,
should be plastered on every PHP site on the web.... or does such a tutorial
exist already?

Please let me know if a tutorial like the one I described above exists.

=========================
Matthew Toledo
Athens Musician Network
[EMAIL PROTECTED]
http://music.athens.oh.us





-- 
PHP Install Mailing List (http://www.php.net/)
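
A check for the two conditions the message above describes (PHP sources readable by every local account, and data files writable by every local account), as an added example that is not part of the original message. The function names, the `mysql_connect` heuristic and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web document root for permission bits that let
# any local account read PHP sources or modify data files.

# Print one finding per line as "<TAG> <path>".
audit_docroot() {
    docroot=$1
    # PHP sources with the "other" read bit set.
    find "$docroot" -type f -name '*.php' -perm -004 | sort |
    while IFS= read -r f; do
        # Rank higher when the file opens a MySQL connection, since that is
        # where a hard-coded username and password would sit (heuristic).
        if grep -q 'mysql_connect' "$f"; then
            echo "WORLD-READABLE-DBCODE $f"
        else
            echo "WORLD-READABLE $f"
        fi
    done
    # Any file with the "other" write bit set.
    find "$docroot" -type f -perm -002 | sort |
    while IFS= read -r f; do
        echo "WORLD-WRITABLE $f"
    done
}

# Constructed sample tree so the audit can be tried without a real site.
make_sample() {
    d=$(mktemp -d)
    printf '<?php mysql_connect("localhost", "user", "secret"); ?>\n' > "$d/db.php"
    printf '<?php echo "hi"; ?>\n' > "$d/index.php"
    printf 'guestbook entry\n' > "$d/guestbook.txt"
    printf '<?php mysql_connect("localhost", "user", "secret"); ?>\n' > "$d/private.php"
    chmod 644 "$d/db.php" "$d/index.php"   # readable by everyone
    chmod 666 "$d/guestbook.txt"           # writable by everyone
    chmod 600 "$d/private.php"             # owner only: not reported
    echo "$d"
}

sample=$(make_sample)
audit_docroot "$sample"
rm -rf "$sample"
```

Point `audit_docroot` at a real document root to list the files that would need owner-only modes once scripts run under the account that owns them.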