At 09:15 09/07/2002 +0000, you wrote: >Message-ID: <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >From: "Scott Hurring" <[EMAIL PROTECTED]> >Date: Mon, 8 Jul 2002 17:36:52 -0400 >Subject: Re: WinampCOM problem > >What user is your Server running as?
Whoa ! This is a really, really *bad* idea - you have given the web server access to all the files which are owned by you as far as I can tell, and have introduced a major security hole. A web server should *always* run as its own (low-privilege) user, and be given limited access to specific files by adjusting the permissions on the file & directory on a case by case basis, not the other way around. Please tell me the address of your webserver, I wanna hack it ;-) (Actually you dont need to - somebody will probably beat me to it!) Cheers, Neil Smith. >For me, when i setup apache on my Win2k machine, i >had to "RunAs" my personal "scott" account, rather than >the system account, or else apache wouldn't be able to >read certain "scott-only" files.... perhaps the user that >apache is running as doesn't have permission to do >COM stuff.... but i really don't know for sure. > >-- >Scott Hurring >Systems Programmer >EAC Corporation >scott (*) eac.com >-- >"Olivier Hubert" <[EMAIL PROTECTED]> wrote in message -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
