[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] How secure is PHP ?
- To: Matt <smp.repicky@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] How secure is PHP ?
- From: "Gary E. Miller" <gem@xxxxxxxxxx>
- Date: Fri, 5 Nov 2004 09:56:57 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yo Matt!
On Fri, 5 Nov 2004, Matt wrote:
> There is actually a very easy way around this. If you are running an
> LDAP or AD environment, you can use the LDAP to authenticate the
> users, then once the user is authenticated, take the username and
> store that into a variable which you can then use to chown and chgrp
> the resulting files for that user after they are written.
You do not need LDAP or AD for this. Apache can happyly validate
against the local /etc/password or an htpasswd file. Then use suexec to
get the perms right. All the config you need for this will fit nicely
in your httpd.conf.
OTOH, you better have a better than average Apache Admin to noodle this
out.
RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@xxxxxxxxxx Tel:+1(541)382-8588 Fax: +1(541)382-8676
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBi77s8KZibdeR3qURAn4zAJ9xRiylidDDHGYBE884sJNXI+UoZQCfRDQI
U0sA9qe1qBFL5ePS/N1wTwE=
=AIIz
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html