andrew... are you sure about this... i would have thought that if you have an apache user 'apache' and allow php to be run as/by 'apache' than this would provide complete access to anything php needs to do as 'apache'. this should definitely work if you allow the 'group' for the apache err log files be accessed by this user... so.. i ask again.. are you sure about this.. -----Original Message----- From: Andrew Hutchings [mailto:andrew@xxxxxxxxxxxxxxx] Sent: Wednesday, July 04, 2007 10:39 AM To: php-general@xxxxxxxxxxxxx Subject: Re: Re: php security books In article <7dd2dc0b0707041022k29aec05bxee83073a8e0d09cb@xxxxxxxxxxxxxx>quickshift in@xxxxxxxxx ("Nathan Nobbe") wrote: > ------=_Part_178329_18179255.1183569772294 > Content-Type: text/plain; charset=ISO-8859-1; > format=flowedContent-Transfer-Encoding: 7bit > Content-Disposition: inline ??? > this is getting good; i want to know why its *flawed* now too. ??? > no pressure :) ??? OK, well, for example page 3 of the book suggests making PHP output errors into Apache's error_log. To do this on Linux it means PHP would have to be run as root. ??? Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/ Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
