Re: secret data for php pages
On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote:
> On 07-Jun-2000 Robert Varga wrote:
> > That is not the same problem. When I refer on users, they are meant as
> > system users on the webserver, not web visitors.
> > What I need is a way to provide separate mysql databases to all
> > virtualhosts and webserver users, without a possibility for them to access
> > each other's databases.
> each v host gets a user, the web daemon runs as that user. The mysql passwds
> are in a file that that user can read. Only people who can learn it are other
> members of the v host.
No, that is only true if it is a cgi. Apache modules don't change uid-s.
They always run as set globally in httpd.conf, by default www-data, and
you cannot override it for virtual hosts.
What you can override is running cgi-s or exec-s from SSI-s. The User /
Group override for virtual hosts is only for cgi-s run in that virtual
PHP is an apache module on our site, and if it was run from a cgi
(php3-cgi package) then performance would decrease due to
1. not having persistent connections
2. having to load the php interpreter on every request for every php