Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: How secure is PHP ?
From: "Gary E. Miller" <gem () rellim com>
Date: Fri, 5 Nov 2004 09:56:57 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Matt!

On Fri, 5 Nov 2004, Matt wrote:

There is actually a very easy way around this.  If you are running an
LDAP or AD environment, you can use the LDAP to authenticate the
users, then once the user is authenticated, take the username and
store that into a variable which you can then use to chown and chgrp
the resulting files for that user after they are written.

You do not need LDAP or AD for this.  Apache can happyly validate
against the local /etc/password or an htpasswd file.  Then use suexec to
get the perms right.  All the config you need for this will fit nicely
in your httpd.conf.

OTOH, you better have a better than average Apache Admin to noodle this
out.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBi77s8KZibdeR3qURAn4zAJ9xRiylidDDHGYBE884sJNXI+UoZQCfRDQI
U0sA9qe1qBFL5ePS/N1wTwE=
=AIIz
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault