Question about security

erikjjm

I recently switched hosting services. At my previous host, I "secured" my PHP code by making it executable, but neither writeable nor readable. However, at my new hosting service, they require all files to be readable, which now exposes some data (e.g. passwords in certain PHP files) that I do not want users to see.

Any thoughts on the best way for me to re-secure things? Thanks very much!

krumms

You'll need shell access.

First, find out what user Apache runs under (I'm assuming apache & a *nix host). This is usually "nobody".

Next, chmod your PHP files:

chmod 640 *.php

Then, change the owner of the files to be YOU (i.e. your username):

chown myname *.php

Finally, change the group of the files to be the APACHE USER (probably "nobody")

chgrp nobody *.php

That way, Apache can read your PHP, you can read and write your PHP, but nobody else can do either.

Tom L

erikjjm

Thanks, I'll try that!