Re: [PHP-DEV] upload compromises

2003-08-01 Thread Phil Driscoll
If ISPs want to prevent stupid scripts copying uploaded files under document_root they can set ownership and permissions on document_root so that the web server doesn't have permission to write files there. That should fix all problems associated with uploading php, perl and other such files whi

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Evan Nemerson
[PHP] Possible My Website was hacked... with PHP... please tell me what this is??? http://marc.theaimsgroup.com/?t=10596316033&r=1&w=2 P.S. to Hartmut Holzgraefe <[EMAIL PROTECTED]>: even funnier that he's using a root account for communication through Microsoft Outlook Express 6.00.2720.30

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Ilia Alshanetsky
On July 31, 2003 12:41 pm, skate wrote:
> sorry, unfortunately i haven't got a full solution, just a suggestion. i
> don't know how difficult any of this would be to implement, but i feel that
> it could benefit the community by adding a little extra security.
>
> i do fully understand that it's not

Re: [PHP-DEV] upload compromises

2003-07-31 Thread skate
sorry, unfortunately i haven't got a full solution, just a suggestion. i don't know how difficult any of this would be to implement, but i feel that it could benefit the community by adding a little extra security. i do fully understand that it's not gonna be 100% fool proof, or security proof. ver

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Rasmus Lerdorf
On Thu, 31 Jul 2003, skate wrote:
> > There is a directive to turn off uploads altogether. I don't see us going
> > beyond that. How are we supposed to detect executables? An executable is
> > extremely platform-dependent. I suppose we could suck all the code from
> > the UNIX 'file' command in

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Hartmut Holzgraefe
skate wrote: well, i was more thinking of, by default, only allowing say images, documents and compressed files. [...] i can fully understand that determining an executable is a mean task, and way out of the scope for what PHP needs to be. there are more image and document formats around than the

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Hartmut Holzgraefe
Rasmus Lerdorf wrote:
> I suppose we could suck all the code from the UNIX 'file' command into PHP

we already have ;) someone at HP already did that for apache and i wrapped it up in ext/mime_magic

> The only way to upload a file and then execute it is to know
> a little bit about the web server

Re: [PHP-DEV] upload compromises

2003-07-31 Thread skate
> There is a directive to turn off uploads altogether. I don't see us going
> beyond that. How are we supposed to detect executables? An executable is
> extremely platform-dependent. I suppose we could suck all the code from
> the UNIX 'file' command into PHP and try to determine a filetype fro

Re: [PHP-DEV] upload compromises

2003-07-31 Thread Rasmus Lerdorf
There is a directive to turn off uploads altogether. I don't see us going beyond that. How are we supposed to detect executables? An executable is extremely platform-dependent. I suppose we could suck all the code from the UNIX 'file' command into PHP and try to determine a filetype from the ma

[PHP-DEV] upload compromises

2003-07-31 Thread skate
i know i probably shouldn't be posting this in here, but i'm not sure where else to do so. so please forgive me if this is the wrong place. basically in PHP 5 is there going to be a php.ini directive to control uploads? so for instance an ISP can restrict uploading of certain files, or only allo