| Re: Forum displays PHP code, not website [message #177392 is a reply to message #177385] |
Sat, 24 March 2012 09:35   |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
|
Senior Member |
|
|
Gordon Burditt wrote:
> P E Schoen wrote:
>> http://www.muttleydog.com/RandomQuoteImage.php
>
> Using OS file permissions and ownership, can Apache/PHP read it?
> (Apache has a specific OS user it runs as, typically something like
> httpd, apache, or www. Hopefully *not* root).
>
> […]
> - If the answer is NO, then Apache/PHP can't read it, and therefore
> can't use it, and unless it's good for something unrelated to
> Apache/PHP, things would probably be more secure if you just
> DELETE it.
ACK :)
> [snipped because of Full ACK]
>
> An additional protection is that the database cannot be connected to
> from the Internet at large, enforced by a firewall.
It is more secure if the database server also does not accept connections
from outside the server-local network. This is the default for recent
versions of MySQL Server (cf. LAMP/WAMP). Network-local PHP-based
applications like phpMyAdmin can still access the database then.
PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]