Dear Timothy,
I totally agree with you about smucks - I prefere to call
them people with low moral insight. :) About PHP, it might
very well be as you said, and if so, and if one execute
this method one are still vulnerably to attacks - if one
can set this privileges with in PHP then one, or rather
the smucks, can remove them with in PHP to.
But if these access right are controlled by a meta-system
instead (e.g. the file access control list maintained by the
operating system it self, and/or the file security settings
within the web server it self), this would be a much secure
way to ensure the file security policy within your system.
//Anders
> -----Original Message-----
> From: Timothy Mackenzie [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 15, 2002 2:54 AM
> To: Svensson, B.A.T. (HKG)
> Subject: Re: [PHP-WIN] Re: Security using Apache & Windows
>
>
> There is a way of configuring PHP to limit access to the file system. You
> don't want any schmuck who uploads a PHP script access to your entire
> system, right? PHP allows you to limit what parts of the system can be
> seen. My question is how is this done?
>
> ----- Original Message -----
> From: "Svensson, B.A.T. (HKG)" <[EMAIL PROTECTED]>
> To: "Tim Mackenzie" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, April 12, 2002 6:40 AM
> Subject: RE: [PHP-WIN] Re: Security using Apache & Windows
>
>
> > This is after all and PHP list, so if you explain the relation to
> > PHP then people might help you
> >
> > Otherwise you might try ask in an apache or MS Windows support group....
> >
> > > -----Original Message-----
> > > From: Tim Mackenzie
> > > Sent: Tuesday, April 02, 2002 5:47 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [PHP-WIN] Re: Security using Apache & Windows
> > >
> > >
> > > No one can help?! Please, please, please...
> > >
> > > "Tim Mackenzie" <[EMAIL PROTECTED]> wrote in message
> > > > I'm running W2K with Apache and PHP4. I'm going to be hosting a
> number of
> > > > websites that I would like to provide PHP support for. What I don't
> want is
> > > > them to be able to access my entire file system. They should, at
> most, be
> > > > only allowed read/write access to their site folder. How do I go
> about
> > > > doing this? I've looked around, but I haven't found something that
> > > > addresses this. I know there's the basedir value (I think that's it),
> but I
> > > > don't understand how to use it. Could somebody (several people)
> please post
> > > > any tips they have for securing the file system of a web server.
> Thanks!
> >
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
