doushai4890 2016-06-21 15:25
浏览 54

从php应用程序写入/ etc的最安全的方法?

What is the safest way to achieve storing a config file into /etc after entering the settings on a php application running in Apache2 ?

I have a daemon reading its config at startup from a file I stored into /etc/mydaemon/main.conf (thought it was the best place to store its settings).

Now I want to have a php application allowing users to change its setup via elegant webpages. But how can I get the rights to write/overwrite this file without compromising the server's security?

  • 写回答

1条回答 默认 最新

  • doujiaoang69440 2016-06-21 15:50
    关注

    If the Apache user (www-data) can write or modify /etc all the system is compromised.

    If any user of the PHP application can change the demon's configuration the behaviour may be a mess. You told about "users", changing simultaneously that config file.

    As @quentin says use a database if you need persistence; or an application file (not in /etc or other system directory).

    评论

报告相同问题?

悬赏问题

  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测