Yoni Posted January 10, 2012 Report Share Posted January 10, 2012 Hi, I have written a guide to secure the Uniform Server and lock it down at the NTFS level for a production environment. In the process I noticed that apache loads libmysql.dll library from X:\Uniserver\usr\local\mysql\bin instead of loading it from X:\Uniserver\usr\local\php as I've seen from previous versions. In my attempt to lock down my Uniserver I denied apache's access (NTFS permissions) to X:\Uniserver\usr\local\mysql folder. I copied libmysql.dll to my PHP folder and edited apache's httpd.conf to load the libmysql.dll from the new location (X:\Uniserver\usr\local\php) Is it there any specific reason why UniServer Coral 8.0.0 is delivering the libmysql.dll in the mysql folder instead of any other location? I really want to understand the propose of it because in my opinion it only prevented me from locking out my apache service from accessing the mysql folder to load this dll, momentarily. By the way, the guide to strength the UniServer security can be found at http://geeks.gotdns.com/archives/uniform-s...rvices-security Maybe someone wants to add a link to it in the wiki. Your suggestions and improvements are always welcome. Quote <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Link to comment Share on other sites More sharing options...
BobS Posted January 10, 2012 Report Share Posted January 10, 2012 This is actually a question for Ric (who is away for the moment). I would guess that libmysql was put where it is so that it facilitated the MySQL version updates. When a MySQL update occurs, most all the changes happen only in the MySQL folder,and often are limited to just the bin subfolder at that. However, your security argument tops that reasoning, as long as we can be sure it doesn't get forgotten during an update cycle. Mismatched dlls are a real nightmare to resolve. Regards,BobS Quote Link to comment Share on other sites More sharing options...
Yoni Posted January 10, 2012 Author Report Share Posted January 10, 2012 Bob, nevermind. I reused the original location. Apache needs to have read access to the mysql folder anyways otherwise phpMyAdmin doesn't load. I don't use PHP my admin myself but the guide should be focused more on users than in my personal preferences. Read permissions is still secure enough. No files can be modified by the apache service inside the mysql folder. Quote <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.