PHP shared server security

Dev Shed Forums Sponsor:

December 17th, 2000, 02:52 PM

www.mybizhosting.com

Contributing User

Join Date: Sep 2000

Posts: 36

Time spent in forums: < 1 sec
Reputation Power: 13

I have a client that brought to my attention a very interesting problem.

If he has a website (www.domain.com) and he has a php page on it (order.php) that connects to the database. He has the user and pass in the page.

ok.

This is a linux server.

It seems that another person on the server could just figure out what directory he is in.

Then just do "vi order.php"

so they could read the user and pass and then connect to the database and steal information.

or even steal the scripts

I hope I explained this ok.

Does anybody have a solution to this?

I sure hope so.

Visit http://phphost@mybizhosting.com for great deals

------------------
Adam Kling
President
MyBizHosting
http://www.mybizhosting.com

Everybody that signs up with us becomes a reseller. Get additional accounts at discount!

December 21st, 2000, 07:58 AM

tress

Junior Member

Join Date: Dec 2000

Posts: 5

Time spent in forums: < 1 sec
Reputation Power: 0

this is a problem,
he will have to set up the permissions on his files very carefully, take into account what group he is in (as other users) and what user your webserver runs as (group(s) its in),

------------------
http://plebian.com

Viewing: Dev Shed Forums > Web Hosting > Web Hosting > PHP shared server security

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump