From: "Nirnimesh" <[EMAIL PROTECTED]> > My question relates to using php for handling file uploads. Since php runs > as user apache, using it to manage file uploads means that I need to give > write permissions to the user apache, which is a near-to-nobody user, i.e. > 0+w permissions. Now does that not mean that anyone who can run a php > script on the server can write to my account?
Yep. > Is there any configuration setting that I need to fix, for this seems to > me to be too trivial to be a bug, but still I know it can be used with > fatal effects. Turn safe_mode on or put open_basedir (?) restrictions in effect. The manual will have more info. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
