Old 05-31-2006, 09:50 AM   #1
asheesh.tyagi
Member
 
Registered: Apr 2005
Location: Delhi,India
Distribution: Red Hat
Posts: 35

Rep: Reputation: 15
phpinfo


Hi there
I am using Apache 2 on Fedora Core 4. I configured Apache to take authentication
from Active Directory using mod_auth_ldap. In this I have to write my password in httpd.conf
in plain text. Today I executed the phpinfo() function through a web page on this machine
and guess it is showing me that password and username which I wrote in httpd.conf.
Is it not a security breach, as phpinfo provides a lot of information?

bye
 
Old 05-31-2006, 12:59 PM   #2
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Rep: Reputation: 30
Sure is, especially if you leave the info file in the directory you are serving web pages from. You can authenticate with mod_auth, and htpasswd. I don't know if you are doing this for a business environment that requires authentication from an AD DC or not, but the above method works for me in my case. I am no expert on this subject, that's just what I know.
Sorry if I am leading you in the wrong direction, but I am sure someone else will come along and help you.
Hope that helps some.
 
Old 06-01-2006, 05:53 AM   #3
asheesh.tyagi
Member
 
Registered: Apr 2005
Location: Delhi,India
Distribution: Red Hat
Posts: 35

Original Poster
Rep: Reputation: 15
My company mainly uses Active Directory, so I have to use authentication from AD. I am using it to secure
a Subversion repository, which is browseable through the web (using ViewVC).
 
Old 06-01-2006, 10:27 AM   #4
lord-fu
Member
 
Registered: Apr 2005
Location: Ohio
Distribution: Slackware && freeBSD
Posts: 676

Rep: Reputation: 30
I would think then if all is working fine, just remove the phpinfo page. It is painless to make a new one. Although I would try to find a new way to gather authentication other than plain text passwords in a file, especially since these are domain logon user names and passwords, to me that seems to be a huge, huge hole.

Last edited by lord-fu; 06-01-2006 at 10:29 AM.
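
The replies above come down to two checks: a phpinfo() page left in the served directory, and a bind password written literally in the Apache configuration. The script below is an added example, not code from any poster in the thread; it assumes the bind password is set with the AuthLDAPBindPassword directive (the thread does not name it), and the function names and sample configuration are constructed for illustration.

```python
import os
import re
import sys

# Rough text match for a phpinfo() call; this is not a PHP parser.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)
# AuthLDAPBindPassword: bind-password directive of mod_auth_ldap / mod_authnz_ldap (assumed here).
BIND_PW = re.compile(r"^\s*AuthLDAPBindPassword\s+(\S.*)$", re.IGNORECASE)


def find_phpinfo_pages(docroot):
    """Return sorted paths under docroot whose PHP source calls phpinfo()."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if PHPINFO_CALL.search(fh.read()):
                    hits.append(path)
    return sorted(hits)


def find_plaintext_bind_passwords(conf_text):
    """Return 1-based line numbers of AuthLDAPBindPassword lines holding a literal value."""
    lines = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = BIND_PW.match(line)  # commented-out lines start with '#', so they never match
        # Apache 2.4.5+ accepts "exec:<command>" here, which keeps the secret out of the file.
        if match and not match.group(1).strip().strip('"').startswith("exec:"):
            lines.append(number)
    return lines


# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
<Location /svn>
    AuthType Basic
    AuthLDAPBindDN "CN=svc-bind,DC=example,DC=com"
    AuthLDAPBindPassword "constructed-sample-value"
    # AuthLDAPBindPassword "old-value"
</Location>
"""

if __name__ == "__main__":
    print("literal bind password on lines:", find_plaintext_bind_passwords(SAMPLE_CONF))
    if len(sys.argv) > 1:  # optional argument: web root to scan
        print("phpinfo() pages:", find_phpinfo_pages(sys.argv[1]))
```

Any path the first function reports is a page to delete or move out of the served tree; any line the second reports is a credential readable by whoever can read the configuration file.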
 
  

