Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
0 user currently in Programming. | 3 guests |
Acmlm's Board - I2 Archive - Programming - any way to prevent viewing a PHP source via PHP? | | | |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
FreeDOS Lava Lotus Wannabe-Mod :< Level: 59 Posts: 365/1657 EXP: 1648646 For next: 24482 Since: 03-15-04 From: Seattle Since last post: 6 hours Last activity: 4 hours |
| ||
Per-directory, that is. The guy that hosts me has a problem where someone else that he hosts views his board config.inc.php file to get the database password. By the logs, he uses PHP to do it. So, is there any way to stop this behaviour? He doesn't have access to the PHP configuration, BTW. And the hosting company does not want to globally disable it. His privilege to upload things via FTP has been taken away, but he can still hand files to the admin to be placed on the server, after examination of the file, of course. (If it were up to me, I would've kicked him off completely, but it's not up to me) (edited by FreeDOS on 04-14-04 07:01 PM) (edited by Acmlm on 04-18-04 04:57 AM) |
|||
Vystrix Nexoth Level: 30 Posts: 100/348 EXP: 158678 For next: 7191 Since: 03-15-04 From: somewhere between anima and animus Since last post: 3 days Last activity: 2 days |
| ||
if you mean disabling the highlight_file()/highlight_string() functions, it's not possible as far as I know, short of modifying the source code of PHP itself and recompiling it, which doesn't appear to be an option in your situation. | |||
Darth Coby Vire Dacht je nou echt dat het over was? Dacht je nou echt dat ik gebroken was? Nee toch? Nou kijk eens goed op uit je ogen gast. zonder clic heb je geen kloten tjap... bitch Level: 55 Posts: 497/1371 EXP: 1240774 For next: 73415 Since: 03-15-04 From: Belgium Since last post: 2 days Last activity: 9 hours |
| ||
Can't you just CHMod the log in order so he can't have read access to it? | |||
FreeDOS Lava Lotus Wannabe-Mod :< Level: 59 Posts: 368/1657 EXP: 1648646 For next: 24482 Since: 03-15-04 From: Seattle Since last post: 6 hours Last activity: 4 hours |
| ||
Originally posted by Coby He's not looking at the logs, the board configuration. CHMODing them to prevent read access would also prevent anyone from viewing and using the board. |
|||
frantik Paragoomba Level: 15 Posts: 51/66 EXP: 13104 For next: 3280 Since: 03-15-04 Since last post: 400 days Last activity: 339 days |
| ||
check this out: "suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter. " http://www.suphp.org/Home.html or also try "chroot jail" in google (edited by frantik on 04-19-04 02:59 AM) |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - Programming - any way to prevent viewing a PHP source via PHP? | | | |