Re: [PHP] User question for PHP

2006-10-23 Thread Richard Lynch
On Fri, October 20, 2006 8:24 am, chris smith wrote:
> php running through apache:
>
> mkdir('/path/to/dir');
> ?>
>
> Making that in a "shared" location will allow *any* domain to write to
> it, read from it or delete it (forget about possible open_basedir
> restrictions).

If 'nobody' can read/

Re: [PHP] User question for PHP

2006-10-23 Thread Richard Lynch
On Fri, October 20, 2006 12:49 am, Chris wrote:
> A shared user (like "www" or "nobody") is a *much* bigger risk than
> separate users.

*MUST* we go through all the permutations of "What if..." for these two scenarios again? The Risk cannot be evaluated outside the context of everything else you

Re: [PHP] User question for PHP

2006-10-23 Thread Richard Lynch
On Thu, October 19, 2006 1:49 pm, Tom Ray [Lists] wrote:
> Is it possible to have a PHP script execute as the user of the domain
> instead of the webserver? So when I upload files through a PHP script
> they are owned by me and not "wwwrun" or "nobody"?

On a dedicated server, it's trivial to do it

Re: [PHP] User question for PHP

2006-10-23 Thread Ivo F.A.C. Fokkema
On Sat, 21 Oct 2006 14:41:11 +1000, chris smith wrote: > On 10/21/06, Jochem Maas <[EMAIL PROTECTED]> wrote: >> chris smith wrote: >> > On 10/21/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> >> On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: >> >> >> >> > On 10/20/06, Ivo F.A.C. Fokk

Re: [PHP] User question for PHP

2006-10-20 Thread chris smith
On 10/21/06, Jochem Maas <[EMAIL PROTECTED]> wrote: chris smith wrote: > On 10/21/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: >> >> > On 10/20/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> >> >> >> To my experience, apa

Re: [PHP] User question for PHP

2006-10-20 Thread Jochem Maas
chris smith wrote: > On 10/21/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: >> >> > On 10/20/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> >> >> >> To my experience, apache (with PHP running as www-data or nobody or >> >> w

Re: [PHP] User question for PHP

2006-10-20 Thread chris smith
On 10/21/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: > On 10/20/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: >> >> > Andy Hultgren wrote: >> >> To whoever was asking this (sorry

Re: [PHP] User question for PHP

2006-10-20 Thread Ivo F.A.C. Fokkema
On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote: > On 10/20/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: >> On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: >> >> > Andy Hultgren wrote: >> >> To whoever was asking this (sorry didn't see the original email): >> >> >> Is it possible

Re: [PHP] User question for PHP

2006-10-20 Thread chris smith
On 10/20/06, Ivo F.A.C. Fokkema <[EMAIL PROTECTED]> wrote: On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: > Andy Hultgren wrote: >> To whoever was asking this (sorry didn't see the original email): >> Is it possible to have a PHP script execute as the user of the domain instead of th

Re: [PHP] User question for PHP

2006-10-20 Thread Ivo F.A.C. Fokkema
On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote: > Andy Hultgren wrote: >> To whoever was asking this (sorry didn't see the original email): >> Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script >>>

Re: [PHP] User question for PHP

2006-10-19 Thread Chris
Andy Hultgren wrote: To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not "wwwrun" or "nobody"? I was recently

Re: [PHP] User question for PHP

2006-10-19 Thread Andy Hultgren
To whoever was asking this (sorry didn't see the original email): Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not "wwwrun" or "nobody"? I was recently exchanging on this lis

Re: [PHP] User question for PHP

2006-10-19 Thread Al
Christian Heinrich wrote: try suPHP :-) Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not "wwwrun" or "nobody"? Sounds like it could be a big security issue if not very ca

Re: [PHP] User question for PHP

2006-10-19 Thread Christian Heinrich
try suPHP :-) Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not "wwwrun" or "nobody"?