DBG in a virtual server/ISP environment...


shaunco
Joined: 08 Sep 2004
Posts: 2
Is it possible to set up DBG to require a user to log in for each DBG session? I am trying to figure out if this module is safe to add to a public Linux-based ISP virtual server (with about 100 users). I would like to set it up so each user can connect to debug scripts that they have access to without being able to debug other users' scripts. Also, I need to be sure that non-users (or at least people without login info) don't have access to debug anything.

-Shaun
dmitri
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Quote:
Is it possible to set up DBG to require a user to log in for each DBG session?

With ssh tunneling you can require users to enter their passwords before they can start debugging. The firewall should be configured accordingly to let the dbg module connect only to locally running (127.0.0.1) daemons. Each user should be assigned his own TCP port number.
In PHPED, the settings->debugger tab should be set to hostname -> localhost, port -> any suitable, and the ssh client should use appropriate socket forwarding (-R).
Read the FAQ for further details.

Quote:
I am trying to figure out if this module is safe to add to a public Linux-based ISP virtual server (with about 100 users).

It can be considered safe if you use ssh tunneling.

Quote:
I would like to set it up so each user can connect to debug scripts that they have access to without being able to debug other users' scripts.

Actually, if you run virtual hosts (Apache children) under corresponding user accounts and their htdocs have appropriate permissions, you have no risk if unauthorized people can debug scripts while they work with their own virtual host.
BTW, you're welcome at http://www.nusphere.com/contact_us/ if you have some thoughts about how to implement an appropriate schema securely. At least we can discuss possible ways.
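The layout described in the reply above (one TCP port per user, the dbg module allowed to connect only to 127.0.0.1, `ssh -R` from the workstation), as an added example that is not from the thread or from NuSphere. It assumes iptables with the owner match and virtual hosts running under each user's own account, as the reply mentions; the users, ports, port range and host name are constructed.

```shell
#!/bin/sh
# Added example: print (not apply) loopback-only firewall rules and the matching
# ssh -R command for a per-user debug port map. All values are constructed.

DBG_LO=17000   # assumed low end of the range reserved for debug tunnels
DBG_HI=17099   # assumed high end of that range

# Constructed "user port" assignments, one per line.
SAMPLE_MAP='alice 17001
bob 17002'

# check_map MAP: fail on a malformed line, a port outside the range,
# or a port assigned to more than one user.
check_map() {
    printf '%s\n' "$1" | awk -v lo="$DBG_LO" -v hi="$DBG_HI" '
        NF != 2 || $1 !~ /^[a-z_][a-z0-9_-]*$/ || $2 !~ /^[0-9]+$/ {
            print "bad line: " $0; bad = 1; next }
        $2 + 0 < lo + 0 || $2 + 0 > hi + 0 { print "out of range: " $0; bad = 1 }
        seen[$2]++                         { print "duplicate port: " $2; bad = 1 }
        END { exit bad + 0 }' >&2
}

# emit_rules MAP: one ACCEPT per user for new connections to 127.0.0.1 on that
# user's own port, then a REJECT for every other new connection into the range
# (other users' ports, and the same ports on any non-local address).
emit_rules() {
    check_map "$1" || return 1
    printf '%s\n' "$1" | while read -r user port; do
        echo "iptables -A OUTPUT -o lo -p tcp --syn -d 127.0.0.1 --dport $port -m owner --uid-owner $user -j ACCEPT"
    done
    echo "iptables -A OUTPUT -p tcp --syn --dport $DBG_LO:$DBG_HI -j REJECT --reject-with tcp-reset"
}

# tunnel_cmd USER PORT HOST: command the user runs on the workstation where the
# IDE listens on localhost:PORT; sshd authenticates the user before forwarding.
tunnel_cmd() {
    echo "ssh -N -R 127.0.0.1:$2:127.0.0.1:$2 $1@$3"
}

emit_rules "$SAMPLE_MAP"
tunnel_cmd alice 17001 server.example
```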


shaunco
Joined: 08 Sep 2004
Posts: 2
My ISP says that this seems like a hack... and I would agree. What is to keep other [local] users from compromising the system? DBG is a great tool, but I think some serious consideration needs to be put into securing it.

-Shaun