suPHP rules
suPHP is an alternative to phpsuexec. It is an Apache module that lets PHP scripts run as the owner of the script, instead of the web server. This offers many security and usability enhancements to the world of PHP web serving.
suPHP does not allow .htaccess files to set variables for PHP. php flag must now be set in php.ini file.
Mainly, when users create and modify files in their directory with PHP scripts, they don't need to make those files world-writable (777).
The 4 rules for PHP to work fine on suphp enabled servers are:
=================
1. The .htaccess file should not contain any php config values.. Such php values should be specified in php.ini.
2. Permissions for all the php files must be 644.
3. Permissions for all web directories must be 755.
4. Ownership must be of the user and not nobody or any other user.
=================
Thank you.
nice
ReplyDelete