I am planning to implement PHP under Deefield Website Pro 3.1 (not visnetic 3.5x).
We have read through some of the documentation of the PHP.NET site and found that PHP allows direct filesystem access based on the rights of your webserver. We feel that it would be a good ideal to disalow the use of such file deletion commands and the ability to upload files via http. we already have the latter figured out because it was configurable directly through the PHP.ini file. However access to the enabling and disabling of other commands didnt seem so obvious! Where should I look for resources related to locking down the security of PHP? In particular can I specify directories that PHP will allow scripts to execute? For instance can i specify that d:\domains\domain1 can have access but not d:\domains\domain2 ? This sure would be an awesome feature if there is such a feature. Thanks, David P Lenk Systems Engeneer Net-Venture, Inc -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
