comp.lang.php archive
Re: Looking for general advice on security
Date: Sat Apr 29 2006 - 09:53:36 CEST
Gordon Burditt wrote:
>>I'm designing a survey form page that will be fairly complex and am
>>becoming confident enough with PHP now to tackle most things.
>>(Thanks to everyone here who has helped)
>>
>>Before I go too far with this I was wondering if anyone could perhaps
>>offer advice or point me to any documents/web pages that could help with
>>ensuring the security of the form/page and site. It is likely that the
>>form will come under attack I expect.
>>
>>Even comments about the best chmod settings are welcome.
>
>
> PHP pages (with an Apache PHP-module setup) have to be world-readable,
> for Apache/PHP to use them.
Not true, at least not on my FC4 box. I have my html & php files all set to:
-rw-r----- 1 root apache 33 Apr 20 05:24 example.php
-rw-r----- 1 root apache 817 Mar 06 11:32 index.html
and they are served up nicely.
All directories in the docroot tree are set to
drwx-r-x--- 2 root apache 4096 Mar 06 11:41 css
drwx-r-x--- 2 root apache 4096 Mar 06 11:41 PHP
drwx-r-x--- 2 root apache 4096 Mar 06 11:43 images
Sh.
Received on Mon May 1 03:07:16 2006