On Fri, April 21, 2006 3:48 pm, Benjamin Adams wrote: > I have a text file that is just being read by php > Can I change the permissions of it so www can not read it? Yes. Then PHP cannot read it, if your setup is what I think it is... > what username does php uses to read files? That depends. If PHP is running as a Module to Apache (see phpinfo output and search for SAPI) then it runs as the same user Apache runs as, which is set in httpd.conf by the "User" directive. 'www' is a very common choice for this setting, so you probably have PHP running as a Module with 'www' as the user, based on what you posted. PHP can also be run as CGI or FastCGI, and in those cases can, if desired, be configured via suexec to be run as some other user. That's pretty much what suexec does. There are wrinkles and risks to using suexec, and some for using CGI, including perforamnce issues. So it's not usually done on inexpensive shared hosting, nor on high-volume servers. Under IIS, I don't know (or care) how the user process file permission stuff works. Actually, I *do* recall fighting with MS and something about IUSER_MACHINENAME at some point in Windows 95/98 days, in case that helps some very sorry luser reading this post. Back to your topic: If you make your text file un-readable (or un-writable or un-executable) by the User that PHP us running as (probably 'www' in your case) then PHP simply cannot read (or write or execute, if you change those) the file. The converse is, unfortunately also true: If PHP runs as the 'www' user and the 'www' user can read the file, then PHP can read the file. Why "unfortunately", you ask? Because ANYBODY who can write and upload a PHP script to that machine can read that file. This means that on most shared servers at a reasonable price-point, you simply have to take a leap of faith and trust your fellow users to not poke around in your stuff too much. Please see previous post regarding credit card numbers and hot potatoes to make a connection now. Thank you. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
