Hi, > Usually the Webserver is able to read the sources of the PHP > scripts. PHP scripts may include passwords for database access. > Since PHP is usually mod_php and not suexec'd, this seems to be a > common problem. With account to such databases really important > damage could be done! It's possible to protect yourself against this. PHP has an so-called open_basedir restriction, with which you can specify the directories that a script is allowed to access. You can set a different restriction for every VirtualHost. Sander.
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 12:06:30 PDT