PHP file security issues

[ingyingamar]

Hi all.......I have written a content management system(cms for short) for about 50 virtual domains that reside on my server. All the domains have access to the cms files in each respective virtual directory. My issue here is that I want to have just ONE copy of the cms files that all have access to and not compromise my source code.

 

I have modified openbase_dir in httpd.conf so that all virtual domains  can read the files BUT they can also retrieve the source code......

 

1. Is there a way to make the files ONLY executable....

2. The common files contain functions only....is there a way add those functions to  php at apache/php startup so all have access.....(this would be a cool thing if php could do that....)

 

thanks for any suggestions offered.....

[kratsg]

So the php file is located on their server? Meaning they can FTP and access it? And what you want is a single one that handles all 50 "people"?

 

I'm a little lost on the question here.

[ingyingamar]

Hi.....I want just one copy of the cms files (they can't FTP to it) so that they can only execute the files and not copy the php source code (I also don't want to use an encoder).

[trq]

Chmod all the files to 661.

[ingyingamar]

I have tried that......it gives me a permission denied error.....you need read permissions to execute a php script.....

[rab]

make sure apache can access them