Network Security: Detailed info on Re: Deny Access To configuration file using php scripts

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: Deny Access To configuration file using php scripts

from [David Morel] Network Security

[Permanent Link]

Subject:	Re: Deny Access To configuration file using php scripts
Date:	Tue, 1 Mar 2005 20:13:00 +0100

Le Mardi 1 Mars 2005 18:54, raT a écrit :

the first thing they do is a
system ('cat /var/www/path to config file');
inside a php script


use php safe_mode, run php scripts in suexec.

my problem is to deny this file from being read throu the script since
the apache deamon runs as nobody


you can have multiple virtual hosts running under their own uid/gid -see 
virtual host configuration and suexec doc for apache

and it has to have read permision to the configuration file.

my users have shell acount


they shouldn't ! What do you expect ? Do they really have to have a shell 
account ???
-- 
+---------------------------------------+
| David Morel <david.morel@amakuru.net> |
| OpenPGP public key :                  |
| http://www.amakuru.net/dmorel.asc     |
+---------------------------------------+

pgpAuzjQCSNwk.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Deny Access To configuration file using php scripts, raT Re: Deny Access To configuration file using php scripts, David Morel <= Re: Deny Access To configuration file using php scripts, Marcel Prisi Re: Deny Access To configuration file using php scripts, Bruce Garlock Re: Deny Access To configuration file using php scripts, Josh Sholes Re: Deny Access To configuration file using php scripts, Suramya Tomar Re: Deny Access To configuration file using php scripts, Jan Urbancik Re: Deny Access To configuration file using php scripts, Joachim Schipper RE: Deny Access To configuration file using php scripts, Brent Meshier Re: Deny Access To configuration file using php scripts, Igor Plisco RE: Deny Access To configuration file using php scripts, Tosoni RE: Deny Access To configuration file using php scripts, Scott Fagg

Previous by Date:	Deny Access To configuration file using php scripts, raT
Next by Date:	Re: Deny Access To configuration file using php scripts, Marcel Prisi
Previous by Thread:	Deny Access To configuration file using php scripts, raT
Next by Thread:	Re: Deny Access To configuration file using php scripts, Marcel Prisi
Indexes:	[Date] [Thread] [Top] [All Lists]