Reply to PHP harm on WebDAV

Your name:

Reply:


Posted by Sensei on 10/03/92 11:54

Hi!

I was wondering about the feasibility of having PHP safer than I can
imagine right now.

This is the situation. Apache with webdav enabled for all users in
write mode. Let's say users have /home/username/www as their web sites.
In order to make it work, every www must have write permission set to
apache. This way people can upload their personal web sites via webdav.

Since PHP scripts run with the same username as apache, something like
this is possible:

<?
system('rm -rf /home/userThatIhate/www/*');
?>


Is anyone aware of a possible solution about this problem?

Thanks!

--
Sensei <senseiwa@mac.com>

The optimist thinks this is the best of all possible worlds.
The pessimist fears it is true. [J. Robert Oppenheimer]

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация