AlphaOne Technology Support Forums
AlphaWolf
AOT Administrator
An Overview of Phpsuexec
« on: February 05, 2007, 03:12:38 PM »

Phpsuexec has been implemented on all semi-dedicated servers and will be implemented over the next couple of months on all of our shared hosting servers.

Here is a brief overview of Phpsuexec:

On most Apache servers, PHP runs as an Apache Module. As such, it runs directly as the user Nobody, but doesn't require the execute flag.

This means that in order to execute a PHP file, it simply needs to be world readable.

The problem is that this allows every other user on the server to read your PHP files!

Allowing other users to read your HTML files is not a problem, since they can be displayed in Internet Explorer. However, PHP files are not readable, they are parsed.

Many scripts use a PHP file to store a database username and password. This means that on another server every client could read your PHP files, retrieve your password and access your databases.

PHPsuexec executes PHP scripts under your username.

As such, instead of using everyone's permissions it uses the owner's permissions.

You can thus change the permissions of your PHP scripts to 0700 or 0400 and still be able to read and execute them. However, these scripts will no longer be accessible to any other users.

In fact, PHPsuexec will refuse to execute a script if it is world-writable to protect you from someone abusing one of your scripts.


The only required permission is owner-read (0400), but if you need to write to that file, you need to also enable the owner-write permission (0600).

It is recommended that all PHP files have either permission 0400 or 0600.

The execute permission is never required, and the group and everyone permissions can be left at 0.


To add complexity to the issue, PHPsuexec also validates the directories in which PHP files are located.

A PHP file cannot be executed in a directory that is group-writable or world-writable.

However, in order to access a directory, it must be world-executable, which is safe to do.

As such, directories containing PHP files should have permissions 0755 or 0555.

AlphaOne Tech Webmaster Resources
http://www.alphaone-tech.com/resources/
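
The permission rules in the post above can be checked across a whole web root before PHPsuexec is switched on. The script below is an added example, not part of the original post and not AlphaOne's or PHPsuexec's own code; the function name phpsuexec_audit and the choice to match only "*.php" files are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root against the rules described in the post.
# phpsuexec_audit is a hypothetical helper; it reads file modes and changes nothing.
phpsuexec_audit() {
    root=$1
    findings=$(
        # PHP files that are world-writable: the post says these are refused.
        find "$root" -type f -name '*.php' -perm -0002 -print |
            sed 's/^/REFUSED world-writable file: /'

        # PHP files readable by group or everyone: other accounts can read
        # any database password stored in them (the post recommends 0400/0600).
        find "$root" -type f -name '*.php' \( -perm -0040 -o -perm -0004 \) -print |
            sed 's/^/EXPOSED readable by other users: /'

        # Directories holding PHP files that are group- or world-writable:
        # the post says scripts in them are refused (use 0755 or 0555).
        find "$root" -type f -name '*.php' -print |
            sed 's|/[^/]*$||' | sort -u |
            while IFS= read -r dir; do
                find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print
            done |
            sed 's/^/REFUSED writable directory: /'
    )
    if [ -z "$findings" ]; then
        return 0            # nothing to fix
    fi
    printf '%s\n' "$findings"
    return 1                # at least one file or directory needs chmod
}

# Run against a directory when one is given, e.g.: sh audit.sh "$HOME/public_html"
if [ $# -gt 0 ]; then
    phpsuexec_audit "$1"
fi
```

Each line of output names one file or directory to fix with chmod; an exit status of 0 means nothing under the given directory conflicts with the rules in the post.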