Footnotes

Phorm™ v3.5.2

PHP3

Phorm is fully compatible with PHP3 -- simply change the file extension to .php3. The only file that needs to be changed is Phorm itself - phorm.php. Other files are not executed directly, but instead are called by Phorm; they can remain as named.

Footnote 1:

      Under UNIX and most other operating systems, persons who are authorized to use the system are generally assigned a user name or user ID, along with a password. These are used to "log in" (connect) to the system; the computer then knows who is accessing it, and what they are allowed and not allowed to do on the system.

      Under UNIX (which is what the majority of web servers run under), files on the system have a set of "permissions" which define who can access the file and what they can do with it. There are three things someone can do with a file: read it, write to it, and/or execute it (i.e. a program). There are three different people or groups of people who can be given these rights: the user (that's you), the group (that's essentially everyone else who has an account on the same computer as you) and the world (that's anyone who can connect to the computer).

      On a web server, there is one exception to the above user/password scheme: when somebody connects to the computer via the Web, they are logged in with a different user name, usually the name "nobody". User "nobody" has no password, and the only things it can do are read HTML files and tell the system to execute CGI programs (such as Phorm). If a CGI program is well-written, it's safe to let user "nobody" run it, because it can only do exactly what it's programmed to do (and that can only be changed by you, when you log in with your user name and password), and it still doesn't allow access to other files.

      While this setup is generally fine, there are some cases where a CGI program needs to be able to read or write to other files. Phorm is an example of this - it needs to be able to read its configuration files and library files, and if you're using text logging, it needs to be able to write to the log file. There are two ways you can give a CGI program access to files. The first is to change its permissions. You could change the permissions on phormconfig.php so that world (i.e. everybody) can read it. This is fine, so long as you don't have sensitive information in it, and don't care if anyone who wants to can read it (bear in mind that they have to know 1: that it exists, 2: how to find it and 3: how to read it). You could change the permissions on your text log file so that world can write to it, if you don't mind anyone being able to write to it (which, generally, is unlikely that anyone would want to). Since world includes user "nobody", your CGI programs (e.g. Phorm) will now have the desired file access.

      The other way to accomplish these things is to run the CGI program under your user ID, rather than "nobody". There are a number of ways to accomplish this, depending on what OS is being used, and how it's set up. It is most often done with a special program called a "wrapper". It looks at who the CGI program belongs to, and then executes it under that user ID. Again, so long as the program is well-written (and Phorm is :), this is safe, as it can only do exactly what it's programmed to do.

      Setting up and using a wrapper is beyond the scope of this document. If you need assistance with this, contact your system administrator.

      Security issues are different on an IIS system. I'm afraid I don't know much about Window/IIS, so you'll need to discuss it with your system administrator. In a nutshell, Phorm needs to be able to write to the text log file, and it needs to be able to read the configuration files, plugin registry and files, lib files and template files. Whatever is required to do that on an IIS system, that's what you need to do.

0101000001101000011011110111001001101101010010010111001101000011011011110110111101101100