Network Security: Detailed info on Re: Deny Access To configuration file using php scripts

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: Deny Access To configuration file using php scripts

from [Marcel Prisi] Network Security

[Permanent Link]

Subject:	Re: Deny Access To configuration file using php scripts
Date:	Tue, 01 Mar 2005 20:37:24 +0100

Hi,

Have a look at php's safe-mode :

http://www.php.net/features.safe-mode

You can easily restrict any virtual host to some dir.

You may also have a look at the "disable_functions" php.ini directive which disable any function you don't want.

Best regards.

raT wrote:

Hello i have a web server and i have a major problem

some of my users are trying to find my pass for my mysql database.

the first thing they do is a
system ('cat /var/www/path to config file');
inside a php script

my problem is to deny this file from being read throu the script since
the apache deamon runs as nobody
and it has to have read permision to the configuration file.

my users have shell acount and can create files in the public_html folder.
any help?
snif!

thanks in advance.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Deny Access To configuration file using php scripts, raT Re: Deny Access To configuration file using php scripts, David Morel Re: Deny Access To configuration file using php scripts, Marcel Prisi <= Re: Deny Access To configuration file using php scripts, Bruce Garlock Re: Deny Access To configuration file using php scripts, Josh Sholes Re: Deny Access To configuration file using php scripts, Suramya Tomar Re: Deny Access To configuration file using php scripts, Jan Urbancik Re: Deny Access To configuration file using php scripts, Joachim Schipper RE: Deny Access To configuration file using php scripts, Brent Meshier Re: Deny Access To configuration file using php scripts, Igor Plisco RE: Deny Access To configuration file using php scripts, Tosoni RE: Deny Access To configuration file using php scripts, Scott Fagg RE: Deny Access To configuration file using php scripts, administrator

Previous by Date:	Re: Deny Access To configuration file using php scripts, David Morel
Next by Date:	Re: Deny Access To configuration file using php scripts, Bruce Garlock
Previous by Thread:	Re: Deny Access To configuration file using php scripts, David Morel
Next by Thread:	Re: Deny Access To configuration file using php scripts, Bruce Garlock
Indexes:	[Date] [Thread] [Top] [All Lists]