Network Security: Detailed info on Re: Deny Access To configuration file using php scripts

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: Deny Access To configuration file using php scripts

from [Josh Sholes] Network Security

[Permanent Link]

Subject:	Re: Deny Access To configuration file using php scripts
Date:	Tue, 1 Mar 2005 14:31:39 -0500

On Tuesday 01 March 2005 12:54, raT wrote:

Hello i have a web server and i have a major problem

some of my users are trying to find my pass for my mysql database.

the first thing they do is a
system ('cat /var/www/path to config file');
inside a php script

my problem is to deny this file from being read throu the script since
the apache deamon runs as nobody
and it has to have read permision to the configuration file.

my users have shell acount and can create files in the public_html folder.
any help?
snif!


I'll leave the web security half of this question to the 
web-security-knowledgable types, and just answer the "any help" part:

Problem users should find their accounts locked.  Zero-tolerance.
Anything less, IMHO, is making yourself an accessory to the hijacking of your 
own server.

thanks in advance.


-- 
Josh Sholes
System Administrator
ZedX Inc.
sholes@zedxinc.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Deny Access To configuration file using php scripts, raT Re: Deny Access To configuration file using php scripts, David Morel Re: Deny Access To configuration file using php scripts, Marcel Prisi Re: Deny Access To configuration file using php scripts, Bruce Garlock Re: Deny Access To configuration file using php scripts, Josh Sholes <= Re: Deny Access To configuration file using php scripts, Suramya Tomar Re: Deny Access To configuration file using php scripts, Jan Urbancik Re: Deny Access To configuration file using php scripts, Joachim Schipper RE: Deny Access To configuration file using php scripts, Brent Meshier Re: Deny Access To configuration file using php scripts, Igor Plisco RE: Deny Access To configuration file using php scripts, Tosoni RE: Deny Access To configuration file using php scripts, Scott Fagg RE: Deny Access To configuration file using php scripts, administrator Message not available Re: Deny Access To configuration file using php scripts, Server Administration Re: Deny Access To configuration file using php scripts, Mohammed Salih

Previous by Date:	Re: Deny Access To configuration file using php scripts, Bruce Garlock
Next by Date:	Re: Deny Access To configuration file using php scripts, Suramya Tomar
Previous by Thread:	Re: Deny Access To configuration file using php scripts, Bruce Garlock
Next by Thread:	Re: Deny Access To configuration file using php scripts, Suramya Tomar
Indexes:	[Date] [Thread] [Top] [All Lists]