Re: Deny Access To configuration file using php scripts

From: Marcel Prisi (marcel_at_virtua.ch)
Date: 03/01/05

  • Next message: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"
    Date: Tue, 01 Mar 2005 20:37:24 +0100
    To: raT <ratmole@gmail.com>
    
    

    Hi,

    Have a look at php's safe-mode :

    http://www.php.net/features.safe-mode

    You can easily restrict any virtual host to some dir.

    You may also have a look at the "disable_functions" php.ini directive
    which disable any function you don't want.

    Best regards.

    raT wrote:

    >Hello i have a web server and i have a major problem
    >
    >some of my users are trying to find my pass for my mysql database.
    >
    >the first thing they do is a
    >system ('cat /var/www/path to config file');
    >inside a php script
    >
    >my problem is to deny this file from being read throu the script since
    >the apache deamon runs as nobody
    >and it has to have read permision to the configuration file.
    >
    >my users have shell acount and can create files in the public_html folder.
    >any help?
    >snif!
    >
    >thanks in advance.
    >
    >


  • Next message: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"