#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Posts
    36
    Rep Power
    14
    I have a client that brought to my attention a very interesting problem.

    If he has a website (www.domain.com) and he has a php page on it (order.php) that connects to the database. He has the user and pass in the page.

    ok.

    This is a linux server.

    It seems that another person on the server could just figure out what directory he is in.

    Then just do "vi order.php"

    so they could read the user and pass and then connect to the database and steal information.

    or even steal the scripts

    I hope I explained this ok.

    Does anybody have a solution to this?

    I sure hope so.

    Visit http://phphost@mybizhosting.com for great deals

    ------------------
    Adam Kling
    President
    MyBizHosting
    http://www.mybizhosting.com

    Everybody that signs up with us becomes a reseller. Get additional accounts at discount!

  2. #2
  3. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2000
    Posts
    5
    Rep Power
    0
    this is a problem,
    he will have to set up the permissions on his files very carefully, take into account what group he is in (as other users) and what user your webserver runs as (group(s) its in),

    ------------------
    http://plebian.com

IMN logo majestic logo threadwatch logo seochat tools logo