473,327 Members | 1,952 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,327 software developers and data experts.

Limit php to one user?

As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can I do
that?
Jul 17 '05 #1
3 1849
mrbog wrote:
As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user.**(Linux*server).*Can*I*do
that?


You can with Apache and virtualhosts. I don't know about IIS or others.

Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.

Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess files
then this isn't a problem.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #2
I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.

So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.
Chris Hope <bl*******@electrictoolbox.com> wrote in message news:<10**************@216.128.74.129>...
mrbog wrote:
As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can

I do
that?


You can with Apache and virtualhosts. I don't know about IIS or others.
Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.
Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess fi
les
then this isn't a problem.

Jul 17 '05 #3
mrbog wrote:
I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.

So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.
Chris Hope <bl*******@electrictoolbox.com> wrote in message news:<10**************@216.128.74.129>...
mrbog wrote:

As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can


I do
that?


You can with Apache and virtualhosts. I don't know about IIS or others.
Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.
Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess fi
les
then this isn't a problem.

I can do this with PHP on OpenVMS. I can set an ACL that only allows
the user that runs the web server to have access to it..., I don't use
any file-upload scripts either, but then again, I don't worry about
someone hacking my system cuz it can't be done... many have tried and
failed. This is what you get when you use a "real" operating system,
not the Swiss-cheese-for-security variety (*n*x, W{any version}).

Michael Austin.

Jul 17 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Radioactive Man | last post by:
anyone know of a function like "raw_input", which collects a string from the user entry, but one where I can set a time limit, as follows: time_limit = 10 # seconds user_answer =...
6
by: JohnH | last post by:
I have an ASP app (developed with Interdev 6) which uses a DTC listbox (server-side) bound to a recordset to allow the user to make a selection. This works fine until the number of records in the...
10
by: Randell D. | last post by:
Folks, I have a SELECT that returns with multiple records - It works when I have a LIMIT clause but when I try to include a GROUP BY clause, the select returns nothing (ie no records, no...
1
by: Tom Ostberg | last post by:
There appears to be a limit of ~16378 user Id's possible per database. When adding users we eventually get the message: > exec sp_adduser 'testUser', 'testUser', 'user_group' Server: Msg 15065,...
4
by: emily_g107 | last post by:
Hi, I need to limit results in the following query type: ...
5
by: Mitchell Thomas | last post by:
I am using Oracle as a backend and have a field set as Varchar2(2000). The problem i have is access interprets this as a memo field and allows the user to type more than 2000 characters but does...
6
by: Hannu | last post by:
Hi. In the ldb file you can see the users of the mdb-file. If you open the mdb-file your machine and username will be written in the lbd- file. Allthough you close the mdb-file your name won't...
5
by: Jefferis NoSpamme | last post by:
Hi all, I'm trying to limit the file size of an image submission and I keep running into various problems. I've got most of it working, but I'm stumped and I have a basic question as to WHY this...
9
by: freduchi | last post by:
Hi, I need sugestions. I need to implement the next and I don´t know how to do it: I am developing a website in which users are signed up and share information(Messages, Photos...). When a...
3
by: =?Utf-8?B?QmlsbHkgWmhhbmc=?= | last post by:
I want to limit the user only login the system one time at the same time. I don't want him login the system two with the same user at the same time. How to do this? If i have a table to record...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.