on 17/07/02 6:51 PM, John Holmes ([EMAIL PROTECTED]) wrote: >> ... and I am -- A shared host server that is. > > Now I'm not sure on this, I haven't tested it. Has anyone?
Is this particular vulnerability only in existence when the server is pretty open? I mean, on my particular host, I can't FTP to anything outside my docroot, and I can't use SSH, telnet, etc. phpinfo() says my session.save-path is /tmp -- since (in theory) I can't get the files via telnet, FTP or HTTP, the only option I can think of would be another user on the host gaining access to it via a PHP script... which I'm not sure can be done, and can't really test, because I wouldn't know how to do it. Justin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
