You're entirely correct -- IF it was an internet
accessible webserver.

It's installed locally on my workstation solely for
local development.  It's got a pretty nice corporate
firewall and "httpd.conf" restrictions set up to deny
access to everyone 'cept me.  Of course, firewalls
and corporate LANs can be hacked, but i figure that
if someone's good/determined enough to hack into this
particular LAN, apache security flaws are the least
of my worries.  :-)

But basically, i did that because i'm not too fluent
with the bizarre system of Win2k permissions and
system accounts...

---
Scott Hurring
Systems Programmer
EAC Corporation
[EMAIL PROTECTED]
Voice: 201-462-2149
Fax: 201-288-1515

> -----Original Message-----
> From: Neil Smith [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 09, 2002 7:56 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: run as
> 
> 
> At 09:15 09/07/2002 +0000, you wrote:
> >Message-ID: <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >From: "Scott Hurring" <[EMAIL PROTECTED]>
> >Date: Mon, 8 Jul 2002 17:36:52 -0400
> >Subject: Re: WinampCOM problem
> >
> >What user is your Server running as?
> 
> Whoa! This is a really, really *bad* idea - you have given the web server
> access to all the files which are owned by you as far as I can tell, and
> have introduced a major security hole. A web server should *always* run as
> its own (low-privilege) user, and be given limited access to specific files
> by adjusting the permissions on the file & directory on a case by case
> basis, not the other way around.
> 
> Please tell me the address of your webserver, I wanna hack it ;-)
> (Actually you don't need to - somebody will probably beat me to it!)
> 
> Cheers,
> Neil Smith.
> 
> >For me, when i setup apache on my Win2k machine, i
> >had to "RunAs" my personal "scott" account, rather than
> >the system account, or else apache wouldn't be able to
> >read certain "scott-only" files.... perhaps the user that
> >apache is running as doesn't have permission to do
> >COM stuff.... but i really don't know for sure.
> >
> >--
> >Scott Hurring
> >Systems Programmer
> >EAC Corporation
> >scott (*) eac.com
> >--
> >"Olivier Hubert" <[EMAIL PROTECTED]> wrote in message
> 

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php