> >How about running PHP in safe mode? In safe mode (as far as I >understand) user scripts can only access files with the same uid.
Hm but they do have the same uid as they are uploaded via http and under the webserver user ... > >On Tue, 2003-02-25 at 20:15, debian-isp wrote: >> Hi all ! >> >> I am just asking myself how to secure our webserver with a couple of >> virtual hosts. >> Currently we have a large installation of typo3 running. It >has a feature called fileadmin with which you can easily >upload files. As it is thereby possible to upload php scripts >and execute via the browser it is to my opionion possible to >access other users files. As the webserver and the files all >have the same user, needed by the system. >> Is there a way to secure this: >> >> - chrooting virtual hosts in apache ? >> - running multiple instances of apache >> - some kind of security system with users and groups >> - using directory settings ? >> >> Any ideas >> >> __________________________________________________________ >> Nik Engel NETWAYS GmbH >> Senior Systems Engineer Deutschherrnstr. 47a >> Fon.0911/92885-13 D-90429 Nürnberg >> Fax.0911/92885-33 >> [EMAIL PROTECTED] www.netways.de >> > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]