Reply to Re: OT: security — PHP Programming Language

Posted by Michael Fesser on 11/03/07 05:19

..oO(william.hooper@gmail.com)

>Ok I am really impressed that you managed to edit my pages again even
>after I disallowed uploading of ".php*" files. But please tell me a
>way to get round it rather than (a) whitelist (b) only allowing types.
>Its really depressing not to be able to do this... there must be an
>easy trick you used... I am an average joe but this would be a cool
>thing...

I've already posted another possible solution (2.) in
<news:h927h3taqfelkbg5c2pq85juibe9qu7psu@4ax.com>.

If you don't allow direct downloads, but store all uploaded files in a
safe place outside the server's document root and deliver them with a
script, the web server can't execute any of them, which is the reason
for your current problem.

Micha

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация