Need help with file permissions for PHP files

Hi!

I am running a website on a server where I am not administrator, and there are other users of the same machine. The machine is Linux running Apache. The website is written in PHP.

The problem is that, in order for PHP to be able to access *.php files, the files must be in a directory with execute permission, and files themselves must have read permission. This makes my files open to reading by anyone, that is, anyone can look at my PHP source code, which I do not want.

The best I can do about it is to put those files in a directory with execute, but without read permission, that way the potential hacker can not know the names of my files, but he may be able to guess them! This is the first and most benign problem, but all following problems are more serious and have the same basis.

The website accesses mysql database, and PHP script caches some information into a cache.txt file. Since this PHP script must write to this file, the file has write permission. So, a potential hacker can write to cache file and make my website display erroneous information, or maybe even completely disable website.

The third problem is the most severe. The PHP scripts from website connect to my mysql database. For security reasons database accepts only connections through local socket file. Again, the permissions are such that, if PHP script can access it, so can potential hacker, and he can also read password from PHP source, so a hacker has no trouble bringing my whole database down (well, he can not do that because of database access privileges, but he could do a lot of damage knowing all this).

Please help!

Additional information (if that helps):
The website is located in directory home/vriho/public_html/
The mysql database is in home/vriho/db/mysql/ (not shared to other users)
The local socket file for mysql is at home/vriho/db/socket/
The parts of website that are "hidden", including the cache file are at directory home/vriho/public_html/parts/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
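
The three exposures described in the post (readable source, a traversable-but-unlistable directory, a writable cache file and a reachable socket) all come down to the "other" permission bits, which can be audited mechanically. The following is an added example, not part of the original post: the function names, the file names `index.php` and `mysql.sock`, and the modes on the sample tree are assumptions constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_other_bits(root):
    """Map each path under root to what the 'other' permission bits allow."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            notes = []
            if stat.S_ISDIR(mode):
                if mode & stat.S_IXOTH and not mode & stat.S_IROTH:
                    notes.append("traversable, not listable: names hidden but guessable")
                if mode & stat.S_IWOTH:
                    notes.append("world-writable directory")
            elif stat.S_ISSOCK(mode):
                if mode & stat.S_IWOTH:  # Linux: connect() needs write on the socket
                    notes.append("socket connectable by any local user")
            elif stat.S_ISREG(mode):
                if mode & stat.S_IROTH:
                    notes.append("world-readable")
                if mode & stat.S_IWOTH:
                    notes.append("world-writable")
            if notes:
                report[os.path.relpath(path, root)] = notes
    return report


def build_demo_tree():
    """Constructed sample tree mirroring the post's layout (file names assumed)."""
    root = tempfile.mkdtemp()
    parts = os.path.join(root, "public_html", "parts")
    sock_dir = os.path.join(root, "db", "socket")
    os.makedirs(parts)
    os.makedirs(sock_dir)
    index = os.path.join(root, "public_html", "index.php")
    cache = os.path.join(parts, "cache.txt")
    sock_path = os.path.join(sock_dir, "mysql.sock")
    for path in (index, cache):
        open(path, "w").close()
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # leaves a socket file on disk
    srv.close()
    for path, mode in ((index, 0o644), (cache, 0o666), (sock_path, 0o777), (parts, 0o711),
                       (sock_dir, 0o755), (os.path.dirname(parts), 0o755), (os.path.dirname(sock_dir), 0o755)):
        os.chmod(path, mode)
    return root
```

Calling `audit_other_bits()` on a real home directory, as the owner, lists every path another local account can read, write, traverse or connect to; the check looks only at mode bits and does not account for ACLs.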


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux