On 8 Apr 2001 08:02:44 -0700, Steve Prentice <[EMAIL PROTECTED]> wrote:
>Has anyone got any good ideas because this seems to be a very important
>issue, and we can't be the only people running win32 apache and php.

What user are you running Apache as? If it's a special account with low
privileges, a properly secured system (e.g. no Everyone "Full Control" on
important files) won't allow the users to do much in any case. This would, of
course, still allow any one of your web users to attack another web user.

To counter this, have you tried safe_mode / doc_root, disable_functions, and
open_basedir? safe_mode / doc_root / open_basedir allow you to restrict which
files can be opened and disable things like dl() or calling arbitrary binaries
on the system. disable_functions allows you to disable certain functions - e.g.
unlink() and friends. Setting these in each VirtualHost should significantly
complicate life for any attacker.

-- 
PHP Windows Mailing List (http://www.php.net/)
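The per-VirtualHost restrictions suggested in the message above can be checked mechanically. The following Python audit is an added example, not part of the original message: it assumes the settings are applied with mod_php's `php_admin_value` / `php_admin_flag` directives, and the hostnames, paths and sample httpd.conf are constructed for illustration.

```python
import re

# Constructed httpd.conf fragment (hostnames and paths are made up for this example).
SAMPLE_CONF = r'''
<VirtualHost *:80>
    ServerName alice.example.test
    DocumentRoot "C:/www/alice"
    php_admin_flag  safe_mode On
    php_admin_value doc_root "C:/www/alice"
    php_admin_value open_basedir "C:/www/alice;C:/php/tmp"
</VirtualHost>

<VirtualHost *:80>
    ServerName bob.example.test
    DocumentRoot "C:/www/bob"
    php_value open_basedir "C:/www/bob"
</VirtualHost>
'''

# Per-vhost settings named in the message. disable_functions is left out on
# purpose: PHP only honours it from php.ini, so check it there instead.
# safe_mode exists only in PHP releases before 5.4.
REQUIRED = ("safe_mode", "doc_root", "open_basedir")

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.I | re.S)
# Only php_admin_* counts: those values cannot be overridden from .htaccess
# or ini_set(), which is the point when the vhost owner is untrusted.
ADMIN_RE = re.compile(
    r"^[ \t]*php_admin_(?:value|flag)[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", re.I | re.M)

def audit(conf_text):
    """Return {ServerName: [problems]} for every <VirtualHost> block."""
    report = {}
    for n, block in enumerate(VHOST_RE.findall(conf_text), 1):
        m = re.search(r"^\s*ServerName\s+(\S+)", block, re.I | re.M)
        name = m.group(1) if m else "vhost#%d" % n
        locked = {k.lower(): v.strip('"') for k, v in ADMIN_RE.findall(block)}
        problems = ["%s not set with php_admin_*" % key
                    for key in REQUIRED if key not in locked]
        if locked.get("safe_mode", "on").lower() in ("off", "0", "false"):
            problems.append("safe_mode is disabled")
        report[name] = problems
    return report

if __name__ == "__main__":
    for vhost, problems in audit(SAMPLE_CONF).items():
        print(vhost, "OK" if not problems else "; ".join(problems))
```
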