Posted by Sensei on 12/17/92 11:54

Hi!

I was wondering about the feasibility of having PHP safer than I can
imagine right now.

This is the situation. Apache with webdav enabled for all users in
write mode. Let's say users have /home/username/www as their web sites.
In order to make it work, every www must have write permission set to
apache. This way people can upload their personal web sites via webdav.

Since PHP scripts run with the same username as apache, something like
this is possible:

<?
system('rm -rf /home/userThatIhate/www/*');
?>


Is anyone aware of a possible solution about this problem?

Thanks!

--
Sensei <senseiwa@mac.com>

The optimist thinks this is the best of all possible worlds.
The pessimist fears it is true. [J. Robert Oppenheimer]

• Next in forum: Re: Replace character (UTF-8)
• Prev in forum: Re: uploading form data then submitting form to payment site
• Thread view: PHP harm on WebDAV

[Reply to this message]