[Pmwiki-users] Wiki Article in IX

Thomas -Balu- Walter list+pmwiki-users
Fri Apr 2 05:42:31 CST 2004


On Wed, Mar 31, 2004 at 05:49:06PM -0500, Reimer Behrends wrote:
> Example: To access a MySQL database from PHP, Perl, or some other
> scripting language, you need the password to connect. Because the script
> runs with Apache's permission, the file containing the password must be
> readable using the Apache uid. Because of that, _any_ script running
> under Apache can retrieve the password. The only way around that is to
> make the script setuid in some form (using suexec, cgiwrap, FastCGI, or
> some other approach), which carries its own risks. PHP safe mode will
> not help, because you can just use a Perl script (assuming that CGI is
> allowed) to access the file, anyway.

AFAIK Apache 2 lets you have a different UID for each virtual host.
(Read it somewhere and always wanted to test it :)

     Balu



More information about the pmwiki-users mailing list