php/mysql security question (was Re: [ale] [OT] web hosting(php/mysql/apache) suggestions?)
Dylan Northrup
docx at io.com
Wed Jun 4 09:35:21 EDT 2003
A long time ago, (03.06.03), in a galaxy far, far away, Robert Coggins wrote:
:=I use digitalspace.net I love this service! I have been using it for
:=about 3 years. and it has the php/mysql/apache however, I am not sure
:=about the PDFlib. I know a few other people are using it on ale also.
:=The services start at about $3-4/mnth they have great support too. A
:=full shell access and other features.
So, having gotten into php/mysql recently using my shell provider (io.com)
I've got a question about the security aspects involved. . .
Here's the situation as I see it:
- .php files need to be 644 in order for Apache to be able to read them
- I can't make them 640 and chgrp them to the apache group since I'm not
a part of the apache group (and even if I did, other folks in group apache
could read my files as well)
- The reading of the .php files is important because I have to put my mysql
password in the mysql_connect statement and if someone has my mysql
password, they have access to my data.
Now, I don't have anything important in there right now, so it's not a big
deal, but I'd prefer other people not being able to muck with my data.
Anyone else run into this issue? If so, how did you deal with it?
--
Dylan Northrup <*> docx at io.com <*> http://www.io.com/~docx/
"Harder to work, harder to strive, hard to be glad to be alive, but it's
really worth it if you give it a try." -- Cowboy Mouth, 'Easy'
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list