lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: gem at rellim.com (Gary E. Miller)
Subject: How secure is PHP ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Matt!

On Fri, 5 Nov 2004, Matt wrote:

> There is actually a very easy way around this.  If you are running an
> LDAP or AD environment, you can use the LDAP to authenticate the
> users, then once the user is authenticated, take the username and
> store that into a variable which you can then use to chown and chgrp
> the resulting files for that user after they are written.

You do not need LDAP or AD for this.  Apache can happyly validate
against the local /etc/password or an htpasswd file.  Then use suexec to
get the perms right.  All the config you need for this will fit nicely
in your httpd.conf.

OTOH, you better have a better than average Apache Admin to noodle this
out.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@...lim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBi77s8KZibdeR3qURAn4zAJ9xRiylidDDHGYBE884sJNXI+UoZQCfRDQI
U0sA9qe1qBFL5ePS/N1wTwE=
=AIIz
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists