You're partly right. Relying on OS-based security isn't very practical in Unix as well. As of now, someone can screw you over if they go "unlink(C:/);"

Instead, try relying on safe mode, open base dir restrictions, disabled functions, etc. You can set these up on a per-vhost basis in your Apache configuration using php_admin_value and other directives. Check the manual for more.

Ted

----- Original Message -----
From: "Rick Kunkel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, April 21, 2002 8:08 PM
Subject: [PHP-WIN] Security with PHP4, Apache, and Win9x

> Heya folks. I'm using Windows 98SE, Apache 1.3.6, and PHP 4.1.3 as an
> Apache module. My question concerns security in this environment. Since
> there are no real "users" in Win9x, is the Apache/PHP combo able to do
> whatever the heck it wants to my filesystem?
>
> I'm not versed in PHP yet, but from the things I've read, it looks like
> filesystem objects can be read, written, or modified, and since Win9x has
> no user-level security in it, I'm basically screwed if someone decides to
> put a malicious PHP file on my server.
>
> Does this sound right?
>
> Thanks,
>
> Rick Kunkel
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
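
The per-vhost restrictions suggested in the reply, sketched as an Apache 1.3 / mod_php 4 fragment. This is an added example, not part of the original thread; the host name and every path are constructed placeholders, and the directive set is one reasonable reading of "safe mode, open base dir restrictions, disabled functions".

```apache
# Constructed example: host name and paths are placeholders.
NameVirtualHost *

<VirtualHost *>
    ServerName site1.example.com
    DocumentRoot "C:/www/site1/htdocs"

    # Weak form, shown for contrast: php_value / php_flag settings can be
    # overridden from .htaccess or ini_set(), so an uploaded script could
    # simply turn them off again.
    #   php_flag  safe_mode On
    #   php_value open_basedir "C:/www/site1/"

    # Hardened form: php_admin_* can only be set in httpd.conf and cannot
    # be overridden by .htaccess or ini_set().
    php_admin_flag  safe_mode On

    # Confine fopen(), unlink(), include() etc. to this tree. The trailing
    # slash matters: without it the value is treated as a path prefix and
    # would also match C:/www/site1-other. Separate multiple directories
    # with ";" on Windows (":" on Unix).
    php_admin_value open_basedir "C:/www/site1/"

    # Uploads must land inside the open_basedir tree to be usable.
    php_admin_value upload_tmp_dir "C:/www/site1/tmp"

    # With safe mode on, exec()/system() may only run programs found here.
    php_admin_value safe_mode_exec_dir "C:/www/site1/bin"
</VirtualHost>

# disable_functions is read from php.ini only, so it is server-wide rather
# than per-vhost. In php.ini, for example:
#   disable_functions = exec,system,passthru,shell_exec,popen
```

After restarting Apache, a `phpinfo()` page served from the vhost shows the effective values in its "Local Value" column, which is the quickest way to confirm the restrictions are actually in force.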