From: <ph...@de...> - 2001-02-07 20:15:22

On Wed, 07 Feb 2001 11:19:29 -0800, you wrote:

<snip lots of good stuff>

=> Security:
=> On machines where httpd runs as 'nobody' (or similar), admin.php must
=> be world readable. This allows anyone with an account on the machine
=> access to the username and password in admin.php (same problem for
=> the sql password in config.inc).
=> Is there a solution?

One shared hosting provider (www.pair.com) allows users to run PHP "wrapped" through a CGI-WRAP so that the process runs as the user, rather than as nobody (which allows you to set all your code and INC files etc etc to 600 or whatever). One needs to be sure the code is tight because it's going to run as if it were the account owner logged in thru telnet (rather than as the webserver), but it works very well.

Pair also allows the user (webmaster level account or above) to configure and compile their own version(s) of PHP under their own account. Also works quite well.

Cheers,
- Don (a pair customer/VAR but don't ask me for an account)
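
An added example, not part of the original message or of the project it discusses: a POSIX shell audit for the exposure described in this thread, listing copies of admin.php and config.inc that group or other can read and tightening them to 600. The function names are hypothetical, and the lock-down step assumes PHP already runs as the file owner (for example through a CGI wrapper); otherwise the web server can no longer read the files.

```shell
#!/bin/sh
# Added example: audit the credential files named in the thread
# (admin.php, config.inc) for group/other read access.
# Function names are hypothetical; pass the web root as the argument.

# Print every credential file under $1 that group or other can read.
# -perm -040 / -perm -004 match when that read bit is set (POSIX find).
find_exposed_secrets() {
    find "$1" -type f \( -name 'admin.php' -o -name 'config.inc' \) \
        \( -perm -040 -o -perm -004 \) -print
}

# Number of exposed credential files under $1.
count_exposed_secrets() {
    find_exposed_secrets "$1" | wc -l | tr -d ' '
}

# Set exposed credential files to 0600 (owner read/write only).
# Assumption: PHP runs as the owner, so the interpreter can still read them.
lock_down_secrets() {
    find "$1" -type f \( -name 'admin.php' -o -name 'config.inc' \) \
        \( -perm -040 -o -perm -004 \) -exec chmod 600 {} +
}

# Stand-alone use: ./audit.sh /path/to/webroot   (report only, no changes)
if [ $# -gt 0 ]; then
    find_exposed_secrets "$1"
fi
```
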