[nycphp-talk] Shared host db credentials solution

Chris Shiflett shiflett at php.net
Tue Aug 15 12:36:31 EDT 2006


Aaron Fischer wrote:
> In order for apache to be able to read the variables, the
> apache account will need access to it. The problem with
> this is the most likely account to be compromised on websvr
> is the apache account.

They're probably just not thinking it through. If Apache is bound to
port 80, then it is running as root. This process can read the file, but
child processes (running as nobody or some other unprivileged user)
cannot. This has nothing to do with knowing the location of the file and
everything to do with file permissions.

> You don't have your own VirtualHost area.

Can you explain this or give us an example URL?

Chris

-- 
Chris Shiflett
Principal, OmniTI
http://omniti.com/
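
Added example, not part of the original message: a shell check for the file-permission point made in the reply above, confirming that a credentials file is readable only by the account the Apache parent process runs as. The function name `cred_file_issues`, the default owner `root`, and the sample path in the comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Usage: cred_file_issues /etc/httpd/db-credentials.conf
# (the path is a placeholder). Prints one line per problem and returns 0
# only when nothing was found.
cred_file_issues() {
    file=$1
    owner=${2:-root}   # account the Apache parent process runs as (assumed)
    rc=0

    if [ ! -f "$file" ]; then
        echo "missing: $file is not a regular file"
        return 1
    fi

    # Inspect the mode bits with find(1) rather than `test -r`: root passes
    # every access check, so a readability test run as root proves nothing
    # about what the unprivileged child processes can do.
    if [ -z "$(find "$file" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "owner: $file is not owned by $owner"
        rc=1
    fi
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "readable: $file can be read by group or other"
        rc=1
    fi
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable: $file can be modified by group or other"
        rc=1
    fi
    return $rc
}
```

A file that passes is owned by the expected account with mode 0600 or 0400; anything wider is reported.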


