RE: Need help with file permissions for PHP files


 



[snip]
The problem is that, in order for PHP to be able to access *.php 
files, the files must be in a directory with execute permission, and 
files themselves must have read permission. This makes my files open 
to reading by anyone, that is, anyone can look at my PHP source 
code, which I do not want.

The best I can do about it is to put those files in a directory with 
execute, but without read permission, that way the potential hacker 
can not know the names of my files, but he may be able to guess 
them! This is the first and most benign problem, but all following 
problems are more serious and have the same basis.

The website accesses mysql database, and PHP script caches some 
information into a cache.txt file. Since this PHP script must write 
to this file, the file has write permission. So, a potential hacker 
can write to cache file and make my website display erroneous 
information, or maybe even completely disable website.

The third problem is most severe. The PHP scripts from website 
connect to my mysql database. For security reasons database accepts 
only connections through local socket file. Again, the permissions 
are such that, if PHP script can access it, so can potential hacker, 
and he can also read password from PHP source, so a hacker has no 
trouble bringing my whole database down (well, he can not do that 
because of database access privileges, but he could do a lot of damage 
knowing all this).

Please help!
[/snip]

Then you need to go here http://shiflett.org and read about securing
your code. If you are worried about being hacked, and from your post it
seems that you may be excessively worried (what could you have that a
hacker would want that badly?) you need to do lots of reading on
securing your server, website, database, etc.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
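
An added example, not part of either message in this thread: a shell audit for the permission exposures the quoted post describes (PHP sources readable by everyone, a cache file writable by everyone, directories open to everyone), plus one way to remove them. It assumes the web server account reaches the site through group ownership; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the web server account reaches
# the site through group membership, so the "other" permission bits can be empty.

# PHP sources readable by every local account (the source-disclosure concern).
world_readable_php() {
    find "$1" -type f -name '*.php' -perm -004 -print
}

# Files writable by every local account (the cache.txt tampering concern).
world_writable_files() {
    find "$1" -type f -perm -002 -print
}

# Directories that every local account can list or traverse.
world_accessible_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -001 \) -print
}

# Remove all "other" access. Directories keep group traverse without listing
# (the post's execute-without-read idea); only the named cache file stays
# group-writable. Run chgrp to the server's group first (not done here).
tighten() {  # usage: tighten <webroot> <cache-file>
    find "$1" -type d -exec chmod 710 {} +
    find "$1" -type f -exec chmod 640 {} +
    chmod 660 "$2"
}

# Constructed sample tree carrying the permissions described in the post.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/inc"
    printf '<?php // constructed sample\n' > "$root/index.php"
    printf '<?php // constructed sample\n' > "$root/inc/db.php"
    : > "$root/cache.txt"
    chmod 755 "$root" "$root/inc"
    chmod 644 "$root/index.php" "$root/inc/db.php"
    chmod 666 "$root/cache.txt"
    printf '%s\n' "$root"
}

# Report mode: pass a web root as the first argument to list its findings.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    world_readable_php "$1"
    world_writable_files "$1"
    world_accessible_dirs "$1"
fi
```

The mode changes only keep the site working if the files' group is the one the web server runs under; otherwise the server loses access along with everyone else.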


