[thelist] PHP & Virtual Server Security
Anthony Baratta
Anthony at Baratta.com
Mon May 22 01:52:00 2000
Michael Fritz wrote:
>
> Thanks for the reply Anthony. The only catch is that other people have
> virtual hosts on the same machine that I'm on. Since the web-server needs to
> have read-access to my PHP file, I would think that someone else who has a
> site on the same machine could write their own server-side program that
> would have the web server read my PHP files.
>
> Would moving my connection parameters to an 'include' file outside of the
> document root solve this problem?
Remember that if the web server 'reads' the file, the web server will pass it through
the PHP parser and therefore just execute your code - not show the source.

What the 'offending' user might try is to run a Perl/shell script via the web server
that copies/reads the contents of the file from your directory to their directory -
bypassing the PHP parser. There is not much you can do to stop that.

I guess it boils down to a matter of trust.
--
Anthony Baratta
President
KeyBoard Jockeys
South Park Speaks Version 3 is here!!!
http://www.baratta.com/southpark
Powered by Tsunami
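
Added example, not part of the original thread: a Python sketch of the file-permission point discussed above. It lists which files in an account a given uid can read under plain POSIX mode bits, and shows that an include file outside the document root is exactly as readable as one inside it unless the directory permissions differ. The directory layout, file names and the uid standing in for the web server account are all constructed.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) the POSIX mode grants uid/gids; ACLs and root not modelled."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def readable_by(path, uid, gids, root):
    """True if uid/gids has r on the file and x on every directory up to root."""
    if not class_bits(os.stat(path), uid, gids) & 4:
        return False
    d = os.path.dirname(path)
    while class_bits(os.stat(d), uid, gids) & 1:
        if d in (root, os.path.dirname(d)):  # reached root (or "/" as a guard)
            return d == root
        d = os.path.dirname(d)
    return False

def audit(root, uid, gids=frozenset()):
    """Relative paths under root that the given account can read."""
    root = os.path.abspath(root)
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    return sorted(os.path.relpath(p, root) for p in paths
                  if readable_by(p, uid, gids, root))

def build_sample():
    """Constructed layout: a docroot plus an include directory outside it."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    for rel, mode in (("htdocs/index.php", 0o644),
                      ("private/db.inc.php", 0o644), ("private/notes.txt", 0o600)):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        os.chmod(os.path.dirname(full), 0o755)
        with open(full, "w") as fh:
            fh.write("<?php /* constructed sample */ ?>\n")
        os.chmod(full, mode)
    return root

if __name__ == "__main__":
    # uid + 1 is an assumed stand-in for the web server account
    print(audit(build_sample(), os.getuid() + 1))
```

Running `audit` with the web server's real uid and group ids against your own home directory shows what any script executed by that account can read, whichever customer wrote the script.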