Cancelado

webserver security challenge

The challenge is how to secure PHP files on a webserver. This will require some serious Linux Administrator skills and also some C and/or PHP.

## Deliverables

To simplify this project requirements, we will work with only two files, which will be located in /home/User/public_html:

[url removed, login to view]

[url removed, login to view]

The file [url removed, login to view] will be owned by 'root', chmod 600 (-rw-------).

The file [url removed, login to view] will be owned by User, chmod 644 (-rw-r--r--).

The User will have FTP access to the server using the User ID.

Apache will be configured to run with the ID 'Apache'.

**The contents of file [url removed, login to view] will be:

**<?php

$value = 3 * 7; // secret formula!

?>

**The contents of file [url removed, login to view] will be:

**<?php

include '[url removed, login to view]';

echo $value;

?>

**YOUR CHALLENGE IS AS FOLLOWS:**

Configure the server in such way, that the script "[url removed, login to view]" will work as expected (http://localhost/~User will display the value "21"), AND the User will be allowed to modify [url removed, login to view] via FTP, AND the User will not be able to obtain the contents of "[url removed, login to view]" (which has the secret formula).

You are allowed to use "any means necessary" to accomplish this: Unix permissions, encryption, PHP interpreter modification, Linux kernel modification, additional programs/layers, etc.

* * *This broadcast message was sent to all bidders on Monday Jul 14, 2008 8:10:55 PM:

hi All, Thanks for your interest in this project, but I have finally found out, it is very easy to do by simply using Unix permissions in combination with PHP safe_mode and disable_functions. This last part is critical to prevent access as the Apache user. None of the bidders were aware of this capability.

Habilidades: Programação C, PHP

Ver mais: security administrator, php programming easy way, interpreter programming, challenge programming, broadcast programming, apache programming, webserver, unix administrator, secure programming, linux kernel, challenge, run administrator script, php script interpreter, apache server 2008, project challenge script, php challenge, apache linux webserver user, interpreter work, linux apache programming, apache server permissions, php script echo, server 2008 apache php, script home security, home security script, programming encryption

Acerca do Empregador:
( 285 comentários ) San Diego, United States

ID do Projeto: #3046222

2 freelancers estão ofertando em média $70 para este trabalho

williambetts

See private message.

$55.25 USD in 14 dias
(7 Comentários)
3.4
merlincoreyvw

See private message.

$85 USD in 14 dias
(2 Comentários)
0.5