| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gem at rellim.com (Gary E. Miller) Subject: How secure is PHP ? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Matt! On Fri, 5 Nov 2004, Matt wrote: > There is actually a very easy way around this. If you are running an > LDAP or AD environment, you can use the LDAP to authenticate the > users, then once the user is authenticated, take the username and > store that into a variable which you can then use to chown and chgrp > the resulting files for that user after they are written. You do not need LDAP or AD for this. Apache can happyly validate against the local /etc/password or an htpasswd file. Then use suexec to get the perms right. All the config you need for this will fit nicely in your httpd.conf. OTOH, you better have a better than average Apache Admin to noodle this out. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem@...lim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBi77s8KZibdeR3qURAn4zAJ9xRiylidDDHGYBE884sJNXI+UoZQCfRDQI U0sA9qe1qBFL5ePS/N1wTwE= =AIIz -----END PGP SIGNATURE-----
Powered by blists - more mailing lists