Jump to content

ChenXiu

New Members
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ChenXiu

  • Rank
    Newbie
  1. I tried to type this in my last post but your forum rushed me and said "NO MORE EDITING" so now I have to make a new post. But that is good. More content = better forum. That is why lay people simply answer questions but Admins say "Why do you want to do this?" because it adds content. So I make you happy, I give you two posts. Now you have double good content. Okay this is what I found: I see that in the www.conf in my pool.d, PHP is user="www-data" and group="www-data" Should I be terribly upset about this? Or happy? PHP is "www-data" and belongs to the group "www-data". So th
  2. I am quoting myself, here is what I said in my previous post (Quoted above, and below): "I have my own server" -but- "I also have a website on a shared hosting environment" (and also in my first post, I also said): "I have my own server but I also have a website on a shared hosting environment" Like "I have an apple, and I have an orange." I have both an apple and an orange. I have my own server (which I have root), and I also have a website on a shared hosting server. I am sorry to confuse you, my language can be very confusing. On my own server, I installed PHP
  3. Thank you, here are the answers to your questions: When I log in as $USER ("BillyBob") and run <?php echo exec('whoami'); ?> Result: PHP is running as BillyBob When I log in as root and run <?php echo exec('whoami'); ?> Result: PHP is running as root When I run "groups php" Result: groups: ‘php’: no such user When I run grep php /etc/group Result: (no result) When I run "groups BillyBob" Result: Billybob sudo www-data I am a member of www-data because I always add myself to www-data whenever I set up a server because that's what all the experts on the
  4. After searching for a secure and decent-looking user/apache permission structure for my server's /var/www/html directory, I found an expert-looking answer on askubuntu . Now my directories and files are 760 and 640 respectively, with a "user:www-data" ownership, like this: 760 drwxrw-s--- Billybob:www-data html 640 -rw-r----- Billybob:www-data file.php It appears to work scrumptialiciously. Any previous permission/ownership structure I had presented problems, like php not having directory/file write permissions, or worse, I would not have permissions to write, etc.
  5. I have an ecommerce site on shared hosting enviroment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database. (No super private data like credit card numbers or social security numbers.) Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL. Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above... My thoughts: 1. The "secret cyphers" are located on my server, so if someone hacks my server, they'll get the secre
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.