NYCPHP Meetup

[nycphp-talk] Session problem on virtual host?

David Mintz dmintz at davidmintz.org
Thu Jan 20 15:16:26 EST 2005


On Thu, 20 Jan 2005, Rolan Yang wrote:

> Your post reminded me of an problem I have with shared hosts. Is there
> any way to hide/protect the mysql login/password from other users who
> may have shell access to the same machine? Since the php script
> permissions must be accessible to the web server, anyone could write a
> script which would load and display the source code of any other php
> script on the same machine.

Here's one possible solution:

http://shiflett.org/articles/security-corner-mar2004

See the part about using Apache SetEnv directives. The only downside here
is that you need your sysadmin's cooperation but it's not an unreasonable
request imho.


---
David Mintz
http://davidmintz.org/

"Don't let the liberal media tell you what to think
and feel. If you have hatred in your heart, let it out."

   -- Clayton Bigsby, black white supremacist



More information about the talk mailing list