[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secret data for php pages

If php is called as a cgi then it can be run setuid via suexec anyway.
What I was looking for was a way to provide some information preload
during the time when apache is still root for the php3 module, since
modules run as www-data. 

There was another suggestion for running several instances of
suid-ed apache on ports other than 80 and using the rewrite engine to
transfer calls to them. This would cause large memory consumption but
still looks like the most feasible method aside from ip-based


Robert Varga

On Thu, 8 Jun 2000, Christian Hammers wrote:

> Hello
> > Is there a way in which I can store some data (eg. mysql passwords) safely
> > from other users on a website and retrieve it from php3/4?
> There exists a patch that allowes apache to run every virtual host in
> a seperated chrooted environment under a different UID.
> This involves that php has to be called as cgi but it's ok from the 
> security point of view.
> http://stein.cshl.org/software/sbox/
> bye,
>  -christian-
> -- 
> Linux - the choice of the GNU generation.           Join the Debian Project 
>                                                       http://www.debian.org 
> Christian Hammers * Oberer Heidweg 35 * D-52477 Alsdorf * Tel.: 02404-25624
> 0AA3 E879 1D82 F59E 77A4 0096 911F 4AE6 86A1 18E6 1024D/86A118E6 1999-09-17

Reply to: