There are some security-related issues I can't figure out how to fix or solve.
The facts:
1. I will start a freeweb service, which will offer the running of cgi and php scripts.
2. I will use my own php scripts to manipulate MySQL database on the same server.
The questions:
1. How to protect world-readable files (e.g. /etc/passwd) from being viewed? (Can the php and cgi be chrooted or something??? Any idea?)
2. How to handle MySQL password securely? I don't want to write it into the php source, because it's world readable (q.1.). I can store it in .my.cnf owned by trusted_user mod 600, but can't read from php, because it runs uid/gid (nobody) like Apache. So what? Can I run a php script under other uid/gid (trusted_user) than specified with Apache's User and Group options (nobody)? Or can I run a php script as cgi? (Because this way I can adjust uid/gid with VirtualHost/User and suexec.)
Your help will be really appreciated!
Thanks in advance,
bandi.