Limit php to one user?

As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can I do
that?
Jul 17 '05 #1
mrbog wrote:
As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can I do
that?


You can with Apache and virtualhosts. I don't know about IIS or others.

Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.

Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess files
then this isn't a problem.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #2
I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.

So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.

Jul 17 '05 #3
mrbog wrote:
I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.

So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.

I can do this with PHP on OpenVMS. I can set an ACL that only allows
the user that runs the web server to have access to it..., I don't use
any file-upload scripts either, but then again, I don't worry about
someone hacking my system cuz it can't be done... many have tried and
failed. This is what you get when you use a "real" operating system,
not the Swiss-cheese-for-security variety (*n*x, W{any version}).

Michael Austin.

Jul 17 '05 #4
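
Added example, not part of any post in this thread: an out-of-band audit for the goal described in post #3, listing PHP files under a document root that are not owned by the trusted Unix user or that group/other could overwrite. It reports rather than blocks execution; the function names, the `PHP_EXTS` list and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

PHP_EXTS = {"php"}  # assumption: only .php is mapped to PHP, as in the AddType line


def is_php_name(name):
    """True if any dot-separated extension is a PHP one (mod_mime looks at
    every extension in a file name, so upload.php.bak is checked too)."""
    parts = name.lower().split(".")[1:]
    return any(p in PHP_EXTS for p in parts)


def audit_docroot(docroot, trusted_uid):
    """Return sorted (relative_path, reason) pairs for PHP files that are not
    owned by trusted_uid, or that group/other could overwrite."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in filenames:
            if not is_php_name(name):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            rel = os.path.relpath(path, docroot)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink"))
            elif st.st_uid != trusted_uid:
                findings.append((rel, "owner uid %d" % st.st_uid))
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group/other writable"))
    return sorted(findings)


def demo():
    """Build a constructed docroot and audit it twice: once trusting the
    current user, once trusting a different uid."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, mode in (("index.php", 0o644), ("uploads/x.php.bak", 0o666),
                          ("uploads/photo.jpg", 0o644)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        me = os.getuid()
        return audit_docroot(root, me), audit_docroot(root, me + 1)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run from cron or a deployment hook with the real document root and the uid of the trusted account; any non-empty result is worth investigating.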
