webserver security challenge
$30-100 USD
Paid on delivery
The challenge is how to secure PHP files on a webserver. This will require some serious Linux Administrator skills and also some C and/or PHP.
## Deliverables
To simplify this project's requirements, we will work with only two files, which will be located in /home/User/public_html:
[url removed, login to view]
[url removed, login to view]
The file [url removed, login to view] will be owned by 'root', chmod 600 (-rw-------).
The file [url removed, login to view] will be owned by User, chmod 644 (-rw-r--r--).
The User will have FTP access to the server using the User ID.
Apache will be configured to run with the ID 'Apache'.
**The contents of file [url removed, login to view] will be:**

```php
<?php
$value = 3 * 7; // secret formula!
?>
```

**The contents of file [url removed, login to view] will be:**

```php
<?php
include '[url removed, login to view]';
echo $value;
?>
```
**YOUR CHALLENGE IS AS FOLLOWS:**
Configure the server in such a way that the script "[url removed, login to view]" will work as expected (http://localhost/~User will display the value "21"), AND the User will be allowed to modify [url removed, login to view] via FTP, AND the User will not be able to obtain the contents of "[url removed, login to view]" (which has the secret formula).
You are allowed to use "any means necessary" to accomplish this: Unix permissions, encryption, PHP interpreter modification, Linux kernel modification, additional programs/layers, etc.
* * *

This broadcast message was sent to all bidders on Monday Jul 14, 2008 8:10:55 PM:
Hi all, thanks for your interest in this project, but I have finally found out that it is very easy to do by simply using Unix permissions in combination with PHP safe_mode and disable_functions. This last part is critical to prevent access as the Apache user. None of the bidders were aware of this capability.
Project ID: #3046222
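The broadcast message names two php.ini directives, safe_mode and disable_functions, without giving the values used. The following audit script is an added example, not the poster's configuration: it checks php.ini text for both directives. The function list in `EXEC_FUNCS` and both sample files are assumptions constructed for illustration; safe_mode itself exists only up to PHP 5.3 and was removed in PHP 5.4.

```python
# Added example: audit php.ini text for the two directives named in the message.
import re

# Assumption: PHP functions a User-owned script could use to run commands as
# the Apache user; the page does not say which functions were disabled.
EXEC_FUNCS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
TRUTHY = {"on", "1", "true", "yes"}

def parse_ini(text):
    """Return {directive: value}; later assignments override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"([A-Za-z_.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    s = parse_ini(text)
    findings = []
    if s.get("safe_mode", "off").lower() not in TRUTHY:
        findings.append("safe_mode is not enabled")
    raw = s.get("disable_functions", "")
    disabled = {f.strip().lower() for f in raw.split(",") if f.strip()}
    missing = sorted(EXEC_FUNCS - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings

WEAK_INI = """\
; constructed sample
safe_mode = Off
disable_functions =
"""

HARDENED_INI = """\
; constructed sample
safe_mode = On
disable_functions = exec,system,passthru,shell_exec,popen,proc_open
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "ok")
```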