#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2000
    Posts
    1
    Rep Power
    0
    That's the issue.
    My server supports php and web users can publish to their dir.
    Of course they get .php3 files executed by the server... and you can do bad things with them...
    How do you cope with such problems?
    (mail spamming, deleting resources, etc..)

    Which configuration of permission do you use (unix user for web files etc...)

    I fear a naughty user can do "rm -R /" on my server...
    8)


    ------------------
    --------------------------
    Stefano 'Panda' Baraldi
    Lead Programmer @ Tremens
    www.tremensgames.com
    --------------------------
  2. #2
  3. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,646
    Rep Power
    4492
    I'm not super familar with administering php, but i think you have to set up a user that php runs as. that user shouldn't have the privledges to "rm -R/" on your system. i think you specify the user or group or whatever in your php.ini file.

    there is also a safe_mode of running php. i'm not sure what it makes "safe" but maybe someone else can elaborate...

    ---John Holmes...
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Posts
    10
    Rep Power
    0
    If php is runnin' as Apache module. It's runnin' as Apache user eg. nobody or wwwadmin and if ya own yer files, no one can destroy 'em with php.

    ------------------
    WizActive
    wizactive@jimportal.com
    http://www.jimportal.com/

Similar Threads

  1. Replies: 1
    Last Post: February 8th, 2004, 01:59 PM
  2. Giving error when trying to upload huge files
    By chandar in forum PHP Development
    Replies: 1
    Last Post: January 17th, 2004, 05:56 AM
  3. Replies: 1
    Last Post: January 2nd, 2004, 04:55 PM
  4. .php files open the download box :(((
    By Dragons Master in forum Apache Development
    Replies: 0
    Last Post: December 23rd, 2003, 10:45 AM

IMN logo majestic logo threadwatch logo seochat tools logo