I have compiled my Apache server with suexec support. So the CGI scripts is
executed as the owner of the scripts. But PHP scripts is still executed as
the same user as the Apache daemon runs as (www).
This is a big security issue for me because I intend to use .htaccess and
.htpasswd files to protect some files. These files can easily be read with
the following PHP script
<?php
passthru($cmd);
?>
I have ~users on my system with their own public_html and cgi-bin...
/Jim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
