Re: Deny Access To configuration file using php scripts
From: Josh Sholes (sholes_at_zedxinc.com)
Date: 03/01/05
- Previous message: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"
- In reply to: raT: "Deny Access To configuration file using php scripts"
- Next in thread: Suramya Tomar: "Re: Deny Access To configuration file using php scripts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com Date: Tue, 1 Mar 2005 14:31:39 -0500
On Tuesday 01 March 2005 12:54, raT wrote:
> Hello i have a web server and i have a major problem
>
> some of my users are trying to find my pass for my mysql database.
>
> the first thing they do is a
> system ('cat /var/www/path to config file');
> inside a php script
>
> my problem is to deny this file from being read throu the script since
> the apache deamon runs as nobody
> and it has to have read permision to the configuration file.
>
> my users have shell acount and can create files in the public_html folder.
> any help?
> snif!
I'll leave the web security half of this question to the
web-security-knowledgable types, and just answer the "any help" part:
Problem users should find their accounts locked. Zero-tolerance.
Anything less, IMHO, is making yourself an accessory to the hijacking of your
own server.
> thanks in advance.
-- Josh Sholes System Administrator ZedX Inc. sholes@zedxinc.com
- Previous message: Bruce Garlock: "Re: Deny Access To configuration file using php scripts"
- In reply to: raT: "Deny Access To configuration file using php scripts"
- Next in thread: Suramya Tomar: "Re: Deny Access To configuration file using php scripts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
