Re: PHP harm on WebDAV — PHP Programming Language

You are here: Re: PHP harm on WebDAV « PHP Programming Language « IT news, forums, messages

Posted by Miguel Cruz on 11/24/14 11:54

Sensei <senseiwa@mac.com> wrote:
> Since PHP scripts run with the same username as apache, something like
> this is possible:
>
> <?
> system('rm -rf /home/userThatIhate/www/*');
> ?>
>
>
> Is anyone aware of a possible solution about this problem?

Disable system() and similar functions. You will not have security in a
multi-untrusted-user environment when running PHP as an Apache module
unless you do this.

miguel
--
Photos from 40 countries on 5 continents: http://travel.u.nu
Latest photos: Malaysia; Thailand; Singapore; Spain; Morocco
Airports of the world: http://airport.u.nu

Navigation:

Next in forum: Re: Case sensitivity in programming languages.
Prev in forum: Re: parsing an xml file via php
Thread view: Re: PHP harm on WebDAV

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация