[nycphp-talk] Session problem on virtual host?
David Mintz
dmintz at davidmintz.org
Thu Jan 20 15:16:26 EST 2005
On Thu, 20 Jan 2005, Rolan Yang wrote:
> Your post reminded me of an problem I have with shared hosts. Is there
> any way to hide/protect the mysql login/password from other users who
> may have shell access to the same machine? Since the php script
> permissions must be accessible to the web server, anyone could write a
> script which would load and display the source code of any other php
> script on the same machine.
Here's one possible solution:
http://shiflett.org/articles/security-corner-mar2004
See the part about using Apache SetEnv directives. The only downside here
is that you need your sysadmin's cooperation but it's not an unreasonable
request imho.
---
David Mintz
http://davidmintz.org/
"Don't let the liberal media tell you what to think
and feel. If you have hatred in your heart, let it out."
-- Clayton Bigsby, black white supremacist
More information about the talk
mailing list