php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #7606 Security Hole
Submitted: 2000-11-02 19:22 UTC Modified: 2000-11-03 17:40 UTC
From: exothermic at softhome dot net Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 4.0.3pl1 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: exothermic at softhome dot net
New email:
PHP Version: OS:

 

 [2000-11-02 19:22 UTC] exothermic at softhome dot net 
With a multi user system we cannot secure any database driven webapplications that use php.  Every file that apache "sees" must be at least readable by every other user.  Since php runs as the same user as Apache then that includes the files that contain database logins and passwords.  I know there is a way around this using CGI but I would rather not.  When will there be a solution to this?

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-03 17:40 UTC] joey@php.net 
Zeev replied to the dev list:
There won't be a thorough solution for that in the Apache 1.3
framework.  This is not a PHP problem - it's a direct result of the way
Apache 1.3 works.
There is a limited solution for this using the safe_mode mechanism, but
note that the safe_mode mechanism should not be considered secure, but only
as a way of preventing the casual users from reading other people's
information.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Mon Jun 15 22:00:02 2026 UTC