How safe will be my CGI scripts be, if I host with you?

We have PHPSuExec enabled in the server. When using the common PHP installation on a webserver, php runs as the user nobody and it doesn't require the execute flag to be enabled.

The problem on this is that if mod_openbasedir is not installed, every user will be able to read your php files because everyone is virtually sharing the same username (nobody).

As most of you already know, PHP Files are not meant to be read, but parsed, and that is where the problem resides. PHP Files have to be parsed, otherwise everyone who is able to read your php file will see settings that you would probably want to keep private, such as your MySQL username and password.

PHPSUEXEC fixes all this because it requires php to be run as the file owner's username. (for example: andre)

This is not everything it fixes though. PHPSUEXEC is also here to fix file ownership problems. This has been a common issue on a few Content Management Systems such as Joomla and also on the popular blog software: WordPress.

It also adds security to your files as you can use permissions such as 600 or 700 in your files and your visitors will still be able to view them (parsed) in their browsers.

  • 13 Users Found This Useful
Was this answer helpful?

Related Articles

How do I report a phishing site?

Should you wish to report any phishing website or abuse through Network.Please submit a Abuse...

Can I send in a check or money order?

We do accept Indian check and Indian money order. Your payment may take 3-5 business days after...

When will my account be suspended if I am past due?

You have 20 days after the date due before we will suspend your account. You can make payment...

How can I access my domain before domain propagation is complete?

You can temporarily access the contents that you have uploaded in your webspace using...

How do I do a traceroute test and ping test?

Traceroute is a computer network tool used to determine the route taken by packets across an IP...