
[linux-help] Re: Linux Apps

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Linux Apps
From: "Clint A. Brubakken" <cabrubak@xxxxxxx>
Date: Fri, 08 Dec 2000 14:45:51 -0600
Reply-to: linux-help@xxxxxxxxx


> 
> A concern I have that maybe someone has dealt with, is running PHP with
> Postgres (or MySQL) on a server used by multiple people/customers,
> whatever. You can set up a separate database on the Postgres/MySQL
> server for each customer, but how do you keep one customer from
> messing with another customer's database?

You have to have customers have separate logins and in your code, have
it connect to the correct database depending on who is logged in.


> You can put a password on
> the database, but how do you store the password in a secure fashion so
> your PHP script can send it to the backend when you try to make a
> connection?

You can first pw protect the whole app, and require login to access it.
You can do this with htaccess or put it in the PHP script. If you don't
let users have access to the webserver, except via the web, they won't be
able to see your PHP code, because the webserver will have translated it
to HTML.

> 
> The problem is caused by the fact that if you run PHP as an Apache
> module, the PHP process runs as the same user as the web server,
> regardless of whose PHP script you are running. Now, you can run PHP
> as a CGI program and with Apache's SUEXEC wrappers you could make it
> run as the user who owns the script. But then you lose some of the
> performance value and other nice things about having PHP run as a
> module.

It's best for the webserver to run as a non-privileged user, and it's
better that few users have access on the box. If it ran as another user,
and someone hacked it, they could access every file the user had on the
server, and it might lead to a root exploit if that user had more
privileges than nobody.

> 
> It would be nice if you could make PHP run a script as the user who
> owns the script. Then you could make a single customer's database
> accessible only to that user. Maybe there is a way to do this. I
> haven't really researched it much yet.
> 


Most databases I've used don't care about the user that runs the
program; anyone can log into the database as anyone else with the name
and password. Which is why you don't want direct access to the database:
you control it through your interface, and they can only be logged in as
certain users, and can run the SQL statements you have programmed them
to run.


> > good luck!
> >
> > --
> > Jesse Kaufman                           |       WebSurf Internet Access
> > Administration / Web Development        |       www.websurf.net
> > glandix@xxxxxxxxxxx                     |       Ph: 316.945.7873
> > www.linuxfreak.com/~glandix             |       Fax: 316.946.9944
> > --
> >
> > <<< Vim is a REAL man's text editor.  I don't know why anyone else would
> >     even bother with sissy programs like emacs, or even worse...  pico!  >>>
> >
> >
> >
> >
> >
> > -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> > visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
> 

-- 
Clint Brubakken
Developer, Computer Science Services Group, LLC
President Air Capital Linux Users Group 
Wichita, KS
cabrubak@xxxxxxx
---

"Whoa, deja vu."
"What did you just say?"
"Nothing, I just had a little deja vu."
"What did you see?"
"What happened?"
"A black cat went past us, and then another that looked just like it."
"How much like it, was it the same cat?"
"Might have been, I'm not sure."
"Neo: What is it?"

"A deja vu is usually a glitch in the Matrix. It happens when they
change something."

                -- Neo, Trinity and Cypher, "The Matrix"
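
The separate per-customer logins discussed in this message, sketched as a psql script for PostgreSQL. This is an added example, not part of the original thread; the role, database and table names and the placeholder passwords are assumptions made for illustration.

```sql
-- Run as a database superuser with psql. All names are hypothetical.

-- One login role and one database per customer.
CREATE ROLE customer_a LOGIN PASSWORD 'REPLACE_WITH_SECRET_A';
CREATE ROLE customer_b LOGIN PASSWORD 'REPLACE_WITH_SECRET_B';
CREATE DATABASE customer_a_db OWNER customer_a;
CREATE DATABASE customer_b_db OWNER customer_b;

-- New databases grant CONNECT and TEMPORARY to PUBLIC (every role) by
-- default. Without these revokes, customer_b's login can open
-- customer_a_db. The owner keeps its own privileges.
REVOKE ALL ON DATABASE customer_a_db FROM PUBLIC;
REVOKE ALL ON DATABASE customer_b_db FROM PUBLIC;

-- A narrower role for customer A's PHP scripts: it may only run the
-- statements the application was written to run.
CREATE ROLE customer_a_web LOGIN PASSWORD 'REPLACE_WITH_SECRET_A_WEB';
GRANT CONNECT ON DATABASE customer_a_db TO customer_a_web;

\connect customer_a_db

-- Stop ordinary roles from creating objects in the default schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

CREATE TABLE orders (
    item      text        NOT NULL,
    placed_at timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE orders OWNER TO customer_a;

-- The web role can read and add orders, but not UPDATE, DELETE or DROP.
GRANT SELECT, INSERT ON orders TO customer_a_web;

-- Checks to run after setup: can each role reach what it should,
-- and nothing else?
SELECT has_database_privilege('customer_b',     'customer_a_db', 'CONNECT') AS b_can_connect_to_a,
       has_database_privilege('customer_a_web', 'customer_a_db', 'CONNECT') AS web_can_connect,
       has_table_privilege('customer_a_web', 'orders', 'INSERT')            AS web_can_insert,
       has_table_privilege('customer_a_web', 'orders', 'DELETE')            AS web_can_delete;
```

This limits what a stolen customer_a_web password can do; it does not change the fact raised in the quoted text that, under mod_php, every customer's script runs as the web server user and can read any credential file that user can read.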


