I’d like to setup a PHP web server so that the PHP can not read PHP files.
Reason is that we had some attacks where people were able to read (instead of execute) PHP files and thereby get access to sensitive information like database passwords (or we at least think so).
Obviously, the PHP engine must be set up so that it can read the PHP files. However, I’d like it to change it to a different identity after it has read and compiled the PHP code and before it executes it. This way, malicious code would not have access to information stored in the PHP files.
Rough implementation idea on Unix: the process executing the PHP could setuid() after reading/compiling the code.
Does this exist? Or is it a stupid idea?
I am aware of the chroot() function and also the VHostUser Directive but as far as I see that doesn’t do the trick.
Btw: I could use Apache or IIS