I do mean apache, but I meant only one user on the server. As in a
unix user, like a shell account.
So, if the php file is owned by user joe, then it will execute on the
site, if not, then it won't. This way, if someone manages to upload a
php file to my site, it won't execute because it will be owned by the
"nobody" user.
Chris Hope <bl*******@electrictoolbox.com> wrote in message news:<10**************@216.128.74.129>...
mrbog wrote:
As a security measure, I'd like .php files to only execute on my web
site if they're owned by a certain user. (Linux server). Can
I do that?
You can with Apache and virtualhosts. I don't know about IIS or others.
Instead of having
AddType application/x-httpd-php .php
in a global scope you just put it into the appropriate virtual hosts.
Note however that if you allow .htaccess files they can put this into
an .htaccess file and can then use PHP. If you don't allow .htaccess fi
les
then this isn't a problem.