|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Codewalkers Forums Sponsor:
|
|
|
|
#1
July 29th, 2002, 09:26 PM
|
|||
|
|||
|
PHP security question
Hi there. Really hoping someone can shed some light on this situation.
I'm in charge of the website at a university and my sysadmin is currently setting up a test machine with the new Oracle internet application server. With this he can easily run php, but the problem is there are a number of other users on the server who maintain small portions of the site and who shouldn't have the ability to use php. He's quite busy so I'm doing a bit of legwork looking for a solution to our problem. Is there a way to limit who can upload php files to the server? Could something perhaps be set up with the different groups on the server, and with the users within those groups, to allow only users within my group to upload php files? Basically I'm looking to be able to use php myself, but limit all other users to html only. Is this possible? Does anyone have any suggestions? Thanks in advance, Pablo
|
|
#2
July 29th, 2002, 10:11 PM
|
|||
|
|||
|
RE: PHP security question
You should be able to run PHP with safe mode on and specify a directory in "doc_root". Any files outside of doc_root will not be parsed by PHP. Both safe mode and doc_root can be configured in the php.ini file....
|
|
#3
July 30th, 2002, 12:38 AM
|
|||
|
|||
|
RE: PHP security question
Thanks for the tip, Matt. This seems to be the one solution everyone I've asked has come up with, but unfortunately in my case it won't work.
The site I take care of is quite large, and many portions have been in place for many years, and the directory structure of the new site must stay as close to identical as possible. So for this reason specifying one directory in which PHP can be executed won't work, as I'll need to make use of PHP throughout the entire site, and block off a number of sub-sections of the site. I'm really hoping to find a way to do this via the users and groups within the *nix file system. For example, I am the user webmstr, and I belong to the webmstr group, so if I could set it up such that only users in the webmstr group could upload php files to the server, that would be a perfect solution. Of course, now I've taken it more from a PHP question to a server question (we're using Apache running under Oracle's 9IAS). Any other thoughts? Thanks in advance, Pablo
|
|
| Viewing: Codewalkers Forums > PHP Related > PHP Installation > PHP security question |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
