This compile-time option prevents anyone from calling PHP directly with a URL like
http://my.host/cgi-bin/php/secretdir/script.php3. Instead, PHP will only parse in this
mode if it has gone through a web server redirect rule.
Usually the redirection in the Apache configuration is done with the following directives:
Action php3-script /cgi-bin/php
AddHandler php3-script .php3
This option has only been tested with the Apache web server, and relies on Apache to set the
non-standard CGI environment variable REDIRECT_STATUS on redirected requests. If your web server
does not support any way of telling if the request is direct or redirected, you cannot use this option and
you must use one of the other ways of running the CGI version documented here.
Case 3: setting doc_root or user_dir
Including active content, like scripts and executables, in the web server document directories is
sometimes considered an insecure practice. If, because of some configuration mistake, the scripts are not
executed but displayed as ordinary HTML documents, this may result in leakage of intellectual property or
security information like passwords. Therefore many sysadmins will prefer setting up another directory
structure for scripts that is only accessible through the PHP CGI, and therefore always interpreted and not
displayed as such.
Also, if the method described in the previous section for making sure requests have been redirected is
not available, it is necessary to set up a script doc_root that is different from the web document root.
You can set the PHP script document root by the configuration directive doc_root in the php3.ini file, or
you can set the environment variable PHP_DOCUMENT_ROOT. If it is set, the CGI version of PHP
will always construct the file name to open with this doc_root and the path information in the request,
so you can be sure no script is executed outside this directory (except for user_dir below).
Another option usable here is user_dir. When user_dir is unset, the only thing controlling the opened file
name is doc_root. Opening a URL like http://my.host/~user/doc.php3 does not result in
opening a file under the user's home directory, but a file called ~user/doc.php3 under doc_root (yes, a
directory name starting with a tilde [~]).
If user_dir is set to, for example, public_php, a request like http://my.host/~user/doc.php3 will
open a file called doc.php3 under the directory named public_php under the home directory of the
user. If the home of the user is /home/user, the file executed is
/home/user/public_php/doc.php3.
user_dir expansion happens regardless of the doc_root setting, so you can control the document
root and user directory access separately.
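The mapping from request path to opened file described above can be modelled as follows. This is an added example, not code from PHP or from the original page; the doc_root value /var/phpscripts, the HOMES table and the function name resolve_script are assumptions made for illustration, and the final containment check is this example's own safeguard rather than documented PHP behaviour.

```python
import posixpath

# Constructed sample data: user name -> home directory
# (stands in for the system password database).
HOMES = {"user": "/home/user"}


def resolve_script(url_path, doc_root, user_dir=None, homes=HOMES):
    """Return the file that would be opened for url_path under the
    doc_root / user_dir rules described in the text.

    Raises ValueError if the normalised result would leave its base
    directory (a check added by this example)."""
    rel = url_path.lstrip("/")
    base = doc_root
    if user_dir and rel.startswith("~"):
        # user_dir set: /~name/rest -> <home of name>/<user_dir>/rest,
        # regardless of the doc_root setting.
        name, _, rest = rel[1:].partition("/")
        if name not in homes:
            raise ValueError("unknown user: " + name)
        base = posixpath.join(homes[name], user_dir)
        rel = rest
    # With user_dir unset, "~name" is only a literal directory name
    # under doc_root.
    base_norm = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base_norm, rel))
    if full != base_norm and not full.startswith(base_norm.rstrip("/") + "/"):
        raise ValueError("path escapes " + base_norm)
    return full


if __name__ == "__main__":
    root = "/var/phpscripts"  # assumed script doc_root, separate from the web root
    for user_dir in (None, "public_php"):
        print(user_dir, "->", resolve_script("/~user/doc.php3", root, user_dir))
```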