Re: Deny Access To configuration file using php scripts

• Previous message: David Morel: "Re: Deny Access To configuration file using php scripts"
• In reply to: raT: "Deny Access To configuration file using php scripts"
• Next in thread: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 01 Mar 2005 20:37:24 +0100
To: raT <ratmole@gmail.com>

Hi,

Have a look at php's safe-mode :

http://www.php.net/features.safe-mode

You can easily restrict any virtual host to some dir.

You may also have a look at the "disable_functions" php.ini directive
which disable any function you don't want.

Best regards.

raT wrote:

>Hello i have a web server and i have a major problem
>
>some of my users are trying to find my pass for my mysql database.
>
>the first thing they do is a
>system ('cat /var/www/path to config file');
>inside a php script
>
>my problem is to deny this file from being read throu the script since
>the apache deamon runs as nobody
>and it has to have read permision to the configuration file.
>
>my users have shell acount and can create files in the public_html folder.
>any help?
>snif!
>
>thanks in advance.
>
>

• Previous message: David Morel: "Re: Deny Access To configuration file using php scripts"
• In reply to: raT: "Deny Access To configuration file using php scripts"
• Next in thread: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]