[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: secret data for php pages


On Wed, 7 Jun 2000, Sean 'Shaleh' Perry wrote:

> 
> On 07-Jun-2000 Robert Varga wrote:
> > 
> > That is not the same problem. When I refer on users, they are meant as
> > system users on the webserver, not web visitors.
> > 
> > What I need is a way to provide separate mysql databases to all
> > virtualhosts and webserver users, without a possibility for them to access
> > each other's databases.
> > 
> 
> each v host gets a user, the web daemon runs as that user.  The mysql passwds
> are in a file that that user can read.  Only people who can learn it are other
> members of the v host.
> 

No, that is only true if it is a cgi. Apache modules don't change uid-s.
They always run as set globally in httpd.conf, by default www-data, and
you cannot override it for virtual hosts.

What you can override is running cgi-s or exec-s from SSI-s. The User /
Group override for virtual hosts is only for cgi-s run in that virtual
host.

PHP is an apache module on our site, and if it was run from a cgi
(php3-cgi package) then performance would decrease due to 
  1. not having persistent connections 
  2. having to load the php interpreter on every request for every php
     page.

Regards,

Robert Varga
Reply to: