Re: secret data for php pages
On 07-Jun-2000 Robert Varga wrote:
>
>
> On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote:
>
>>
>> On 07-Jun-2000 Robert Varga wrote:
>> >
>> > That is not the same problem. When I refer on users, they are meant as
>> > system users on the webserver, not web visitors.
>> >
>> > What I need is a way to provide separate mysql databases to all
>> > virtualhosts and webserver users, without a possibility for them to access
>> > each other's databases.
>> >
>>
>> each v host gets a user, the web daemon runs as that user. The mysql
>> passwds
>> are in a file that that user can read. Only people who can learn it are
>> other
>> members of the v host.
>>
>
> No, that is only true if it is a cgi. Apache modules don't change uid-s.
> They always run as set globally in httpd.conf, by default www-data, and
> you cannot override it for virtual hosts.
>
> What you can override is running cgi-s or exec-s from SSI-s. The User /
> Group override for virtual hosts is only for cgi-s run in that virtual
> host.
>
> PHP is an apache module on our site, and if it was run from a cgi
> (php3-cgi package) then performance would decrease due to
> 1. not having persistent connections
> 2. having to load the php interpreter on every request for every php
> page.
>
apache runs as the vhost user. One apache daemon group per v host.
Reply to: