PHP Installation
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Codewalkers ForumsPHP RelatedPHP Installation

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Codewalkers Forums Sponsor:
  #1  
Old July 29th, 2002, 08:26 PM
Anonymous Anonymous is offline
Registered User
Codewalkers God 35th Plane (22000 - 22499 posts)
 
Join Date: Apr 2007
Posts: 22,309 Anonymous User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 25
PHP security question

Hi there. Really hoping someone can shed some light on this situation.

I'm in charge of the website at a university and my sysadmin is currently setting up a test machine with the new Oracle internet application server. With this he can easily run php, but the problem is there are a number of other users on the server who maintain small portions of the site and who shouldn't have the ability to use php.

He's quite busy so I'm doing a bit of legwork looking for a solution to our problem.

Is there a way to limit who can upload php files to the server? Could something perhaps be set up with the different groups on the server, and with the users within those groups, to allow only users within my group to upload php files?

Basically I'm looking to be able to use php myself, but limit all other users to html only.

Is this possible? Does anyone have any suggestions?

Thanks in advance,
Pablo

Reply With Quote
  #2  
Old July 29th, 2002, 09:11 PM
Matt Matt is offline
Contributing User
Codewalkers Specialist (4000 - 4499 posts)
 
Join Date: Apr 2007
Location: Florida
Posts: 4,158 Matt User rank is Private First Class (20 - 50 Reputation Level)Matt User rank is Private First Class (20 - 50 Reputation Level) 
Time spent in forums: 4 h 12 m 16 sec
Reputation Power: 7
RE: PHP security question

You should be able to run PHP with safe mode on and specify a directory in "doc_root". Any files outside of doc_root will not be parsed by PHP. Both safe mode and doc_root can be configured in the php.ini file....

Reply With Quote
  #3  
Old July 29th, 2002, 11:38 PM
Anonymous Anonymous is offline
Registered User
Codewalkers God 35th Plane (22000 - 22499 posts)
 
Join Date: Apr 2007
Posts: 22,309 Anonymous User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 25
RE: PHP security question

Thanks for the tip, Matt. This seems to be the one solution everyone I've asked has come up with, but unfortunately in my case it won't work.

The site I take care of is quite large, and many portions have been in place for many years, and the directory structure of the new site must stay as close to identical as possible.

So for this reason specifying one directory in which PHP can be executed won't work, as I'll need to make use of PHP throughout the entire site, and block off a number of sub-sections of the site.

I'm really hoping to find a way to do this via the users and groups within the *nix file system.

For example, I am the user webmstr, and I belong to the webmstr group, so if I could set it up such that only users in the webmstr group could upload php files to the server, that would be a perfect solution.

Of course, now I've taken it more from a PHP question to a server question (we're using Apache running under Oracle's 9IAS).

Any other thoughts?

Thanks in advance,
Pablo

Reply With Quote
  #4  
Old August 1st, 2002, 10:38 AM
EvilivE EvilivE is offline
Codewalkers Newbie (0 - 499 posts)
 
Join Date: Apr 2007
Location: Milwaukee, WI USA
Posts: 291 EvilivE User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 3
Send a message via Yahoo to EvilivE
RE: PHP security question

1.How about transfering the files via a ftp user acct?

2.Maybe utilizing .htaccess

Random thoughts.

Reply With Quote
Reply

Viewing: Codewalkers ForumsPHP RelatedPHP Installation > PHP security question


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump




 Free IT White Papers!
 
Create the Optimal Architecture for your Critical Applications
Warburton's the largest independently owned bakery in the UK faced a number of difficult challenges in providing the most robust yet efficient IT infrastructure for their organization's success. IBM's services combined with their xSeries servers created the perfect platform for their SAP environment with sufficient flexibility, and did so in very time effective fashion.

Request Your Free Technology Downloads!
 
Five Best Practices for Deploying a Successful Service-Oriented Architecture
This white paper describes the benefits you can expect with SOA, and how IBM can help take your business there.

Request Your Free Technology Downloads!
 
Gartner Magic Quadrant for Application Delivery Controllers
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses of solutions, and provides Magic Quadrant reporting for a quick comparison across all vendors. Learn from Gartner how you can benefit from an all-in-one device like Citrix NetScaler that delivers the highest levels of availability, performance and security.

Request Your Free Technology Downloads!
 
Knowledge is Power
What you don't know can hurt you, and is likely costing you money and increasing your security risks during an era of scarce resources. This white paper proposes six key strategies that enterprise security managers can use to improve their network defense posture.

Request Your Free Technology Downloads!
 
Rationalizing the Multi-Tool Environment
The rationalized multi-tool approach is flexible, scalable and cost effective. It provides the necessary input to the IT service management business processes. It preserves prior investments in monitoring tools, empowers technologists to select the best tools with which to do their jobs, and enhances effective response to incidents.

Request Your Free Technology Downloads!
 

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 




© 2003-2010 by Developer Shed. All rights reserved. DS Cluster 12 Hosted by Hostway
For more Enterprise Application Development news, visit eWeek