[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] How secure is PHP ?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Matt!

On Fri, 5 Nov 2004, Matt wrote:

> There is actually a very easy way around this.  If you are running an
> LDAP or AD environment, you can use the LDAP to authenticate the
> users, then once the user is authenticated, take the username and
> store that into a variable which you can then use to chown and chgrp
> the resulting files for that user after they are written.

You do not need LDAP or AD for this.  Apache can happyly validate
against the local /etc/password or an htpasswd file.  Then use suexec to
get the perms right.  All the config you need for this will fit nicely
in your httpd.conf.

OTOH, you better have a better than average Apache Admin to noodle this
out.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem@xxxxxxxxxx  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBi77s8KZibdeR3qURAn4zAJ9xRiylidDDHGYBE884sJNXI+UoZQCfRDQI
U0sA9qe1qBFL5ePS/N1wTwE=
=AIIz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html