php/mysql security question (was Re: [ale] [OT] web hosting (php/mysql/apache) suggestions?)

Robert Coggins ale at cogginsnet.com
Wed Jun 4 09:52:33 EDT 2003


This is on thing that I have been worried about also.  I hate that the PW is
open.  I am not sure how I am going to get around this.  I need to find a
solution soon.  I will post something if I find a solution.

Rob


----- Original Message -----
From: "Dylan Northrup" <docx at io.com>
To: ale at ale.org
To: <ale at ale.org>
Sent: Wednesday, June 04, 2003 9:35 AM
Subject: php/mysql security question (was Re: [ale] [OT] web hosting
(php/mysql/apache) suggestions?)


> A long time ago, (03.06.03), in a galaxy far, far away, Robert Coggins
wrote:
>
> :=I use digitalspace.net   I love this service!  I have been using it for
> :=about 3 years.  and it has the php/mysql/apache  however, I am not sure
> :=about the PDFlib.  I know a few other people are using it on ale also.
> :=The services start at about $3-4/mnth  they have great support too.  A
> :=full shell access and other features.
>
> So, having gotten into php/mysql recently using my shell provider (io.com)
> I've got a question about the security aspects involved. . .
>
> Here's the situation as I see it:
> - .php files need to be 644 in order for Apache to be able to read them
> - I can't make them 640 and chgrp them to the apache group since I'm not
>   a part of the apache group (and even if I did, other folks in group
apache
>   could read my files as well)
> - The reading of the .php files is important because I have to put my
mysql
>   password in the mysql_connect statement and if someone has my mysql
>   password, they have access to my data.
>
> Now, I don't have anything important in there right now, so it's not a big
> deal, but I'd prefer other people not being able to muck with my data.
> Anyone else run into this issue?  If so, how did you deal with it?
>
> --
> Dylan Northrup <*> docx at io.com <*> http://www.io.com/~docx/
> "Harder to work, harder to strive, hard to be glad to be alive, but it's
>  really worth it if you give it a try." -- Cowboy Mouth, 'Easy'
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list