stackoom
  简体   繁体   中英

Safest way to write into /etc from php application?

 原文  2016-06-21 15:25:07       php/ linux/ apache2/ rights

Question

What is the safest way to achieve storing a config file into /etc after entering the settings on a php application running in Apache2 ?

I have a daemon reading its config at startup from a file I stored into /etc/mydaemon/main.conf (thought it was the best place to store its settings).

Now I want to have a php application allowing users to change its setup via elegant webpages. But how can I get the rights to write/overwrite this file without compromising the server's security?

1 answers

solution1
 0  2016-06-21 15:50:52

If the Apache user ( www-data ) can write or modify /etc all the system is compromised.

If any user of the PHP application can change the demon's configuration the behaviour may be a mess. You told about "users", changing simultaneously that config file.

As @quentin says use a database if you need persistence; or an application file (not in /etc or other system directory).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question What's the safest way to remove data from mysql? (PHP/Mysql) safest way to create sessions in php Safest way to parse url for PHP CMS? What is the safest way to access CLI program in PHP Safest way to send JSON string to PHP server safest way to cypher an user id on php The safest way to avoid SQL injection in PHP? What is the safest way to share objects PHP php - safest way to ensure plain text What's the safest way to write loads of data / SQL to a text file?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM