Re: RE: Re: php security books

In article
<1f0401c7be6a$2ff95a30$0301a8c0@xxxxxxxxx>bedouglas@xxxxxxxxxxxxx
("bruce") wrote:

>  andrew...
>  
>  are you sure about this... i would have thought that if you have an
> apache user 'apache' and allow php to be run as/by 'apache' then this
> would provide complete access to anything php needs to do as 'apache'.

Logging in apache is done (in standard configurations) by a process
owned as root, and in most configurations the logs are owned as root
and are not readable by any other user.

>  this should definitely work if you allow the 'group' for the apache
> err logfiles be accessed by this user...

If you do this then it is possible for an apache process using PHP to
read the error logs and an abused script could show a potential hacker
the layout to your site or other useful information.

>  so.. i ask again.. are you sure about this..

Yep.

-- 
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
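
An added example, not part of the original message or of any project's code: a small audit that reports which files in an Apache log directory the web server's unprivileged user could open, which is the exposure the reply above describes once group access is granted. The user name "apache" and the path /var/log/httpd are assumed defaults; only classic mode bits are evaluated.

```python
import os
import pwd
import grp
import stat
import sys

BITS = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)}

def permits(st, uid, gids, want):
    """Classic POSIX check: pick the owner, group or other class, then test one bit."""
    owner_bit, group_bit, other_bit = BITS[want]
    if uid == 0:
        return True                       # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def ids_for(user):
    """uid plus primary and supplementary gids of a local account."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}

def audit(log_dir, uid, gids):
    """Return log files under log_dir that the given identity could open for reading."""
    findings = []
    for root, dirs, files in os.walk(log_dir):
        if not permits(os.stat(root), uid, gids, "x"):
            dirs[:] = []                  # cannot traverse: nothing below is reachable
            continue
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and permits(st, uid, gids, "r"):
                findings.append(path)
    return sorted(findings)

if __name__ == "__main__":
    # Assumed defaults; pass your own user and log directory. Run as root.
    user = sys.argv[1] if len(sys.argv) > 1 else "apache"
    log_dir = sys.argv[2] if len(sys.argv) > 2 else "/var/log/httpd"
    for path in audit(log_dir, *ids_for(user)):
        print(f"{user} can read {path}")
```

POSIX ACLs, SELinux or AppArmor policy, and the permissions of directories above the one given are not evaluated, so treat an empty result as covering mode bits only.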

