Re: [PHP] session.save_path is a big security hole!

2003-09-05 Thread Raditha Dissanayake
Unfortunately, setting quotas (e.g. for the apache user) doesn't prevent flooding out the entire disk. For example, I can have a script running that will check user directories every 15 minutes, and if some directory contains a large amount of apache generated files, the user account will be disabled and

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
"Raditha Dissanayake" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > M, very interesting thread, thanx for starting this. Good comments Curt. > > > >>1. (!!!) Absolutely easily generate new sessions with any content for every > >>site on server. > >> > >> > > > > > > > > It's be

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Raditha Dissanayake
M, very interesting thread, thanx for starting this. Good comments Curt. 1. (!!!) Absolutely easily generate new sessions with any content for every site on server. It's because of the 'suspect' nature of sessions and cookies that I never place userid, username or password in sessions

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Curt Zirzow
* Thus wrote John W. Holmes ([EMAIL PROTECTED]): > >>You didn't understand. I change save.session_path to other's site session > >>directory, do session_start(), write every variable what I want, write > >>down > >>session number, go to this site and using this generated session. You > >>can't > >

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread John W. Holmes
You didn't understand. I change save.session_path to other's site session directory, do session_start(), write every variable what I want, write down session number, go to this site and using this generated session. You can't prevent this ever! Does enabling safe_mode counter any of these writing

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Curt Zirzow
* Thus wrote Rx ([EMAIL PROTECTED]): > > "Curt Zirzow" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > * Thus wrote Rx ([EMAIL PROTECTED]): > > > > You can set the value with > > php_admin_value save_path "/tmp" > > If I set php_admin_value, user STILL can change the value with

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > * Thus wrote Rx ([EMAIL PROTECTED]): > > There's absolutely no control over session.save_path parameter in php. By > > setting it to every directory he wants, every user can: > > You can set the value with > php_admin_value

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Curt Zirzow
* Thus wrote Rx ([EMAIL PROTECTED]): > There's absolutely no control over session.save_path parameter in php. By > setting it to every directory he wants, every user can: You can set the value with php_admin_value save_path "/tmp" > > 1. (!!!) Absolutely easily generate new sessions with any cont

[PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
There's absolutely no control over session.save_path parameter in php. By setting it to every directory he wants, every user can: 1. (!!!) Absolutely easily generate new sessions with any content for every site on server. 2. Delete other users' sessions by setting gc to 100 and probably legal files

[PHP] session.save_path = /dev/shm

2002-11-26 Thread Jacob Larsen
When I use session.save_handler = mm I can only make it work by setting session.save_path = /dev/shm Is that how it should be? Regards, Jacob www.sharksforum.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] session.save_path problem again

2002-08-09 Thread Dmitry Beransky
Hi, I'm sorry, I know this is a commonly asked question, but I've checked every suggestion offered here and in other groups/lists. Yet, I still get "Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/tmp/php)" I have save_path set to "/

Re: [PHP] session.save_path

2002-05-23 Thread W. Enserink
thx John. That did the trick for me! regards Wilbert - Original Message - From: "1LT John W. Holmes" <[EMAIL PROTECTED]> To: "Wilbert Enserink" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, May 22, 2002 8:18 PM Subject: Re: [PHP] ses

Re: [PHP] session.save_path

2002-05-22 Thread 1LT John W. Holmes
_ has permission to read/write to the directory you specify. ---John Holmes... - Original Message - From: "Wilbert Enserink" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 22, 2002 12:09 PM Subject: [PHP] session.save_path Hi all, I'm trying to

[PHP] session.save_path

2002-05-22 Thread Wilbert Enserink
Hi all, I'm trying to install php/apache with phptriad. This worked fine, however when I'm using session variables the thing goes nuts: Warning: open(/tmp\sess_d22b57336449f89ad54b974794dd53f4, O_RDWR) failed: m (2) in C:\apache\htdocs\dm\wwwtest\phpincludes\session\session.php on line 2 Warni

Re: [PHP] Session.save_path in php.ini

2002-04-25 Thread Balaji Ankem
Which php.ini file u r changing? Are u referring to php.ini which is in C:\Windows directory? - Original Message - From: Tim Loram <[EMAIL PROTECTED]> Date: Thursday, April 25, 2002 4:56 pm Subject: [PHP] Session.save_path in php.ini > Hi, > > Having some issues with the se

[PHP] Session.save_path in php.ini

2002-04-25 Thread Tim Loram
Hi, Having some issues with the session.save_path value in php.ini. Whatever I change this value to, it always ends up trying to save the temporary session info in /tmp (the default setting in php.ini). I can override the value by setting a new path in the actual php script using session_save_pa

[PHP] session.save_path on a remote filesystem via nfs..

2002-03-18 Thread Leif Högberg
Hiya.. I'm using Apache 1.3.23 with php 4.1.2 (DSO mod) on a linux system as http server and a linux system with NFSv3, using (rw,no_root_squash,sync) on the exported directories. Since the plan is to use a load balancing system and 2 web servers I've been trying to get the session data files to

Re: [PHP] session.save_path

2001-01-24 Thread Richard Lynch
Warning: open(/tmp\sess_1b7577b36d874741ed1e74b4bead0dfd, O_RDWR) failed: m (2) in h:\program\apache\htdocs/boa/sessionTest.php on line 5 Warning: open(/tmp\sess_1b7577b36d874741ed1e74b4bead0dfd, O_RDWR) failed: m (2) in Unknown on line 0 Warning: Failed to write session data (files). Please

[PHP] session.save_path

2001-01-23 Thread Jimmy Bäckström
Yo! I'm sending this call for help once again, since I didn't get an answer to my problem last time. I'm working a little with sessions, but I get a message like this: Warning: open(/tmp\sess_1b7577b36d874741ed1e74b4bead0dfd, O_RDWR) failed: m (2) in h:\program\apache\htdocs/boa/sessionTest.p