ID: 7822 Updated by: sniper Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Critical Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: System security bugs are quite critical. This has to be addressed before 4.0.6 --Jani Previous Comments: --------------------------------------------------------------------------- [2001-05-07 12:52:28] [EMAIL PROTECTED] I guess the point is to prevent malicious users from crashing the server. --------------------------------------------------------------------------- [2001-05-07 12:35:23] [EMAIL PROTECTED] I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? --------------------------------------------------------------------------- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --------------------------------------------------------------------------- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --------------------------------------------------------------------------- [2001-01-12 10:26:41] [EMAIL PROTECTED] indeed. a temporary workaround, if I may: <LocationMatch "/php/php(.exe)?"> deny from all </LocationMatch> This at least denies direct access to the executable, and thus gets you rid of the crashes. --------------------------------------------------------------------------- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822&edit=2 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]