Re: PHP Security

What exactly is your SysAdmin complaining about? There's nothing about PHP that poses any more (or less) of a risk than any other web platform on the i - or indeed any platform.

In particular what do you mean by "without running each PHP job without going through ZendAdmin? ". ZendAdmin doesn't have anything to do with security other than for the few PHP feature-specific controls.

Security is controlled via the Apache configuration (currently attached to port 89 if you took the defaults). The Zend installed default config does not require a signon but this can be easily changed either by hand or through the IBM wizards in the admin interface. If you already have a web config defined, then you can add the PHP specific directives to that and have _exactly_ the same protection for PHP as for any other of your web apps.

I would suggest that the Zend forum or Web400 at Midrange.com is a better source for this information (all due respect to this list but it may not have enough PHP users to help you). Web400 in particular has extensively discussed PHP signon control etc. in the last week. Check the Archives at midrange.com


Jon P.

Re: PHP Security

i took the sign on/security modules used in the Navigator demo that came with the PHP install and leveraged it to "lock down" the access on the system. it was a true learning experience, but as with all modular programming/design it was a write once and done effort.

Re: PHP Security

Jon,

Mucho-grassy-@#%@#%@#%!! Great follow-up info!

I wasn't sure why we kept you around earlier .. but, now I know!

@Tom --
I'd be interested in seeing what you did to lock things down with that... if you care to share. If not, I totally understand.

Thanks!