On Mon, June 25, 2007 7:13 pm, Marius Toma wrote:
> I can not create .php files from PHP. I can save them as *.php5,
> *.php3,
> asp, *.txt , etc... but not as .php. I tried both touch and fopen but
> none of them worked.
>
> I'm running PHP 5.1.6 on Apache 2, safe_mode is off
>
> Is this a securit
On Wednesday 27 June 2007 06:32, Edward Vermillion wrote:
> Most /tmp directories are world rwx. So anyone that can log into the
> server through a shell, or any account running on the server, has at
> least read access to anything in the /tmp directory. They wouldn't
> need to do it through a web
... if you really couldn't write it as dynamic PHP -- you could also
save it in a database.
Edward Vermillion wrote:
On Jun 26, 2007, at 3:31 PM, Crayon Shin Chan wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
I think most sy
On Jun 26, 2007, at 3:31 PM, Crayon Shin Chan wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this
On 6/26/07, Crayon Shin Chan <[EMAIL PROTECTED]> wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
> On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
> > I think most systems have a /tmp directory above the web dir, so
> > outsiders can't watch it anyhow.
>
> True, but on an unsecure
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
> On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
> > I think most systems have a /tmp directory above the web dir, so
> > outsiders can't watch it anyhow.
>
> True, but on an unsecured box, this becomes possible, as Apache
> will most likely
On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this becomes possible, as Apache
will most likely be running universally as `nobody`, `httpd`,
`apache`, or `daemon
On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
I thought that the php engine took care of deleting tmp files when the
script ended.
Thus, if his script is terminated before his code deletes the file, the
engine will insure it's deleted. Otherwise, he should use an
ignore_user_abort().
You
On 6/26/07, Al <[EMAIL PROTECTED]> wrote:
Would it not be better to create the file with tmpfile() and to put it in the
system /tmp dir; which, I believe, is generally not in the webspace?
The problem here, though, Al, is that it relies on the server
admin not to be lazy, and to have the box
Would it not be better to create the file with tmpfile() and to put it in the
system /tmp dir; which, I believe, is generally not in the webspace?
Daniel Brown wrote:
On 6/26/07, Marius Toma <[EMAIL PROTECTED]> wrote:
I can not believe how stupid I can be sometime.
I was trying to create
You might also consider looking at variable variables and dynamic PHP
(writing and evaluating php expressions on the fly).
http://us.php.net/variables.variable
http://us.php.net/eval
Writing the PHP to a file could be a potential security vulnerability.
Especially if this was going to go int
On 6/26/07, Marius Toma <[EMAIL PROTECTED]> wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can no
On 6/26/07, Daniel Brown <[EMAIL PROTECTED]> wrote:
On 6/26/07, Marius Toma <[EMAIL PROTECTED]> wrote:
> I can not believe how stupid I can be sometime.
>
> I was trying to create a file, but a file with the same name already
> existed on the server - and I did not have the write permission to it
On 6/26/07, Marius Toma <[EMAIL PROTECTED]> wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can no
On 6/26/07, Marius Toma <[EMAIL PROTECTED]> wrote:
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can no
I can not believe how stupid I can be sometime.
I was trying to create a file, but a file with the same name already
existed on the server - and I did not have the write permission to it,
so from here I got the error message saying that I can not create the
file :(
Thank for your time,
Mariu
On Jun 25, 2007, at 9:08 PM, jekillen wrote:
On Jun 25, 2007, at 5:13 PM, Marius Toma wrote:
I can not create .php files from PHP. I can save them as *.php5,
*.php3, asp, *.txt , etc... but not as .php. I tried both touch and
fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache
On Jun 25, 2007, at 5:13 PM, Marius Toma wrote:
I can not create .php files from PHP. I can save them as *.php5,
*.php3, asp, *.txt , etc... but not as .php. I tried both touch and
fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache 2, safe_mode is off
Is this a security measure
On 6/25/07, Marius Toma <[EMAIL PROTECTED]> wrote:
I can not create .php files from PHP. I can save them as *.php5, *.php3,
asp, *.txt , etc... but not as .php. I tried both touch and fopen but
none of them worked.
I'm running PHP 5.1.6 on Apache 2, safe_mode is off
Is this a security measure s
19 matches
Mail list logo
