Posted by Virginner on 12/17/05 11:54

"Sensei" <senseiwa@mac.com> wrote in message
news:44d09bd8$0$35076$4fafbaef@reader4.news.tin.it...
| Hi!
|
| I was wondering about the feasibility of having PHP safer than I can
| imagine right now.
|
| This is the situation. Apache with webdav enabled for all users in
| write mode. Let's say users have /home/username/www as their web sites.
| In order to make it work, every www must have write permission set to
| apache. This way people can upload their personal web sites via webdav.
|
| Since PHP scripts run with the same username as apache, something like
| this is possible:
|
| <?
| system('rm -rf /home/userThatIhate/www/*');
| ?>
|
|
| Is anyone aware of a possible solution about this problem?

Make sure safe_mode is on... ?

• Next in forum: Re: Case sensitivity in programming languages.
• Prev in forum: creating image/area maps on dynamic images
• Thread view: Re: PHP harm on WebDAV

[Reply to this message]