Re: Deny Access To configuration file using php scripts
From: Marcel Prisi (marcel_at_virtua.ch)
Date: Tue, 01 Mar 2005 20:37:24 +0100 To: raT <email@example.com>
Have a look at php's safe-mode :
You can easily restrict any virtual host to some dir.
You may also have a look at the "disable_functions" php.ini directive
which disable any function you don't want.
>Hello i have a web server and i have a major problem
>some of my users are trying to find my pass for my mysql database.
>the first thing they do is a
>system ('cat /var/www/path to config file');
>inside a php script
>my problem is to deny this file from being read throu the script since
>the apache deamon runs as nobody
>and it has to have read permision to the configuration file.
>my users have shell acount and can create files in the public_html folder.
>thanks in advance.