NYCPHP Meetup

[nycphp-talk] Htaccess and php user account

Elijah Insua tmpvar at gmail.com
Tue Dec 2 00:47:59 EST 2008


http://tinyurl.com/5ux4q6

On Tue, Dec 2, 2008 at 12:14 AM, Tim Lieberman <tim_lists at o2group.com>wrote:

> On Dec 1, 2008, at 11:38 PM, Michele Waldman wrote:
>
>  Thanks to your soft, delicate input, I've been doing a little more
>> research.
>>
>> I was ps -ef on the linux server.  Php appears to be configured into the
>> server and the process goes down due to misconfiguration, is it not the
>> same
>> process handling the htaccess?  Does that mean basically all web services
>> have stopped on the server and not even htaccess would protect it, leaving
>> the entire server vulnerable?  Or will htaccess still be working?
>>
>
> You're still operating under the impression that something went wrong with
> the software.
>
> Nothing went wrong with the software.  The software worked exactly as it
> was supposed to.  The problem was that it was misconfigured.  (Unless there
> really is some bug in apache that nobody here has ever seen/verified).  So,
> Garbage In (Configuration), Garbage (or, your source files, in this case)
> Out.
>
> Even that facebook story ends up saying:
>
>        "After looking at every possible angle, I was unable to configure
> our Apache build to serve source code even if we wanted to. What we
> eventually found was a single server running a standard distribution build
> of Apache in our production pool of several thousand web severs. A lot has
> been posted online blaming PHP for this, however, the server that we
> eventually found was not running PHP."
>
> http://sizzo.org/wp/2007/09/youre-source-code-is-showing
>
> He goes on to suggest the same thing I did in my last message.
>
>
>  So, if this is a misconfiguration issue, that means if you don't have a
>> sys
>> admin, that the programmer needs to learn the configuration and ensure
>> it's
>> correct on the server?
>>
>
> If you rely on a server to deploy your applications you should do one of
> two things:
>
>        1) Know enough about server administration/configuration
>        2) Pay someone (or some organization) that does.
>
>
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081202/ba014e76/attachment.html>


More information about the talk mailing list