Re: permissions?
From: Aquila Deus (aquila_deus_at_yahoo.co.uk)
Date: 09/21/04
- Next message: Aquila Deus: "Re: PHP GTK vs every other stand-alone language"
- Previous message: Kevin Thorpe: "Re: Application Scope variables ?"
- In reply to: Daniel Barna: "permissions?"
- Next in thread: Daniel Barna: "Re: permissions?"
- Reply: Daniel Barna: "Re: permissions?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 21 Sep 2004 00:07:44 -0700
kkk333@freemail.hu (Daniel Barna) wrote in message news:<468adf60.0409191417.3a8c7552@posting.google.com>...
> Hi
> I have the following problem: I want to grant different access rights
> to different users on a page, identified by username/password. I want
> to load the set of users/passwords from a database, from a file, or
> wherever. This is more or less OK: outside users connecting via the
> web can send their username/password ($_POST variable), the script
> checks it against the users/passwords in the database, and grants
> different access rights according to the username.
> However, this is not safe against local users of the same machine:
> since the php script of every local user runs under the same uid/gid,
> every user can access the same database using a php script. One could
> argue that they cannot figure out how to access this database
> (where it is located, if it requires a password, etc). But since my
> php script must be readable by the www server (user=wwwrun), they can
> read this script from a php script, which runs under the same uid.
If the users use only database resources, how about just using the
database's built-in security system?
>
> I have found some articles about setting up different vhosts in
> apache, and running these vhosts with different UID. But this needs
> apache-configuration, as root. Is there a per-user way, which any user
> can follow without the intervention of root, to set up a database,
> which is only accessible by his php scripts?
Don't forget a vhost can't be set up without restarting Apache... Besides,
only root can change his own uid (unless you use NT), so any
system-level methods can't work for you.
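
One reading of the suggestion in the reply above, as an added example that is not part of the original post: each web user is also a database account, and the script logs in to the database with the credentials the visitor submits, so the script file holds no password that another same-uid script could read. It assumes a MySQL server on localhost with the PDO MySQL driver; the database, table and account names are hypothetical.

```php
<?php
// Added illustration, not code from the thread.
// Assumed one-time setup by the database administrator (constructed names):
//   CREATE USER 'alice'@'localhost' IDENTIFIED BY '<alice-password>';
//   GRANT SELECT, INSERT ON appdb.reports TO 'alice'@'localhost';
//   CREATE USER 'bob'@'localhost' IDENTIFIED BY '<bob-password>';
//   GRANT SELECT ON appdb.public_notes TO 'bob'@'localhost';

// No user name or password appears here, only the location of the server.
const APP_DSN = 'mysql:host=localhost;dbname=appdb;charset=utf8mb4';

// Open a connection as the visitor. The database server, not this script,
// checks the password, and the account's GRANTs limit what it can touch.
function connect_as_visitor($user, $pass): ?PDO
{
    // Accept only plain strings and a conservative account-name alphabet.
    if (!is_string($user) || !is_string($pass) || $pass === ''
        || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $user)) {
        return null;
    }
    try {
        return new PDO(APP_DSN, $user, $pass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        return null; // wrong credentials or server unreachable
    }
}

$db = connect_as_visitor($_POST['username'] ?? '', $_POST['password'] ?? '');
if ($db === null) {
    http_response_code(403);
    exit('Login failed');
}

try {
    // Succeeds for alice; the server refuses it for bob, who has no grant
    // on this table.
    $titles = $db->query('SELECT title FROM reports')->fetchAll(PDO::FETCH_COLUMN);
} catch (PDOException $e) {
    http_response_code(403);
    exit('Not permitted');
}

foreach ($titles as $title) {
    echo htmlspecialchars($title), "\n";
}
```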