faqts : Computers : Programming : Languages : PHP : Installation and Setup : Security

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

1 of 3 people (33%) answered Yes
Recently 0 of 2 people (0%) answered Yes

Entry

How do I make PHP available to non-admin users without comprimising security?

Mar 2nd, 2000 12:49
Matt Gregory, Akira Neogono, 


There is no one correct answer to this question.  I have seen many 
people disable access to exec, fopen for file creation, copy, dl(), and 
many other functions.  The real question is how much to you need to 
give php?  The truth is, anyone able to create and run scripts on your 
server should be somewhat trusted anyhow.  Anyone with any access to 
any scripting language can find a way to comprimise your security.
But you CAN limit what can be comprimised.  PHP allows you to control 
almost all of it's funcitonality.  I'm not going to try to explain all 
of this here, you can read it for yourself on the php site.  Be 
prepaired to spend a while doing this because you really should 
understand how it works if you are going to administer the system.
The link to security information for php is below.
http://www.php.net/manual/security.php3