#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Posts
    8
    Rep Power
    0
    My ISP is running PHP3 in safemode as a Apache Module.
    This means that I only include files (for example files which contain passwords and usernames for MySQL access) which are located in a web directory (htdocs/) which is accesible to everyone.
    My concern is that if some sort of server error or misconfiguration occurs that the PHP3 source code (and thereby passwords and usernames) can be viewed by everybody.
    What are the chances of this happening (that the server does not parse the php3 code and just sends the source code)?
    What possibilities do I have making my scripts safe?
    Can I overide the safemode with .htaccess ?

    Tom.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 1999
    Location
    New York City
    Posts
    69
    Rep Power
    16
    I end up storing those kinds of files outside of the root folder ie.
    /home/myhome/config/passwords.inc
    instead of
    /home/myhome/htdocs/passwords.inc

    This way, if some misconfiguration occurs, then it would just show the include line, and nothing else.

    ------------------
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2000
    Posts
    8
    Rep Power
    0
    Hi, thanks for your suggestion.
    But your suggestion will not work when php runs in safe mode: you are only allowed to include files from the htdocs folder.

    Tom
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2000
    Posts
    43
    Rep Power
    15
    Tom,
    I guess I did not read your question correctly.

    Do this:
    1. Create a new .htaccess protected directory and place your includes in it.
    2. Include them from your scripts.

    So if the server is not configured for PHP, it will ask you for a password if someone goes in there. Otherwise it will just echo the main PHP script as a text file.

    ------------------
    PHP, Perl, SQL Programming at http://www.mentalobjects.com

Similar Threads

  1. Members Only page security - please help
    By ariadne_ac in forum XML Programming
    Replies: 1
    Last Post: February 5th, 2004, 06:40 PM
  2. How to implement a security sub-system?
    By simplesimple in forum Beginner Programming
    Replies: 2
    Last Post: January 24th, 2004, 05:33 PM
  3. How to write IP Security Policy Programming code in Visual Basic
    By linh in forum Visual Basic Programming
    Replies: 3
    Last Post: October 28th, 2003, 09:04 PM
  4. Upload security concern
    By poshlivin in forum Security and Cryptography
    Replies: 1
    Last Post: July 28th, 2003, 09:03 AM
  5. Security concern
    By agblee1970 in forum Security and Cryptography
    Replies: 3
    Last Post: May 1st, 2003, 04:30 AM

IMN logo majestic logo threadwatch logo seochat tools logo