December 17th, 2000, 02:52 PM
I have a client that brought to my attention a very interesting problem.
If he has a website (www.domain.com) and he has a php page on it (order.php) that connects to the database. He has the user and pass in the page.
This is a linux server.
It seems that another person on the server could just figure out what directory he is in.
Then just do "vi order.php"
so they could read the user and pass and then connect to the database and steal information.
or even steal the scripts
I hope I explained this ok.
Does anybody have a solution to this?
I sure hope so.
Visit http://firstname.lastname@example.org for great deals
Everybody that signs up with us becomes a reseller. Get additional accounts at discount!
December 21st, 2000, 07:58 AM
this is a problem,
he will have to set up the permissions on his files very carefully, take into account what group he is in (as other users) and what user your webserver runs as (group(s) its in),