On Thursday 15 August 2002 01:03, you wrote:
> So, if somebody gets an ftp account somehow, he will be able to get session
> vars via a system() command?

You hold him in his own dir by the chroot setting of your ftpserver.

> via a system();

You mean if they upload a php file? Prevent that with your php.ini settings:

open_basedir string:
    Limit the files that can be opened by PHP to the specified directory-tree.
or
safe_mode boolean
    Whether to enable PHP's safe mode. Read the Security and Safe Mode chapters for more information.

If you allow cgi, you must build the same sort of restrictions for that too.
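A check of the running configuration for the restrictions named in this reply, as an added example that is not part of the original message. It assumes PHP 7 or later; the helper names are hypothetical, and disable_functions is a php.ini directive the message does not mention, checked here because open_basedir limits PHP's own file functions and not the programs that system() starts.

```php
<?php
// Added example: audit the running PHP configuration. Helper names are hypothetical.

// Split a delimited ini value into trimmed, non-empty entries.
function ini_list(string $name, string $sep): array
{
    $raw = (string) ini_get($name);   // ini_get() returns false for unknown directives
    return array_values(array_filter(array_map('trim', explode($sep, $raw)), 'strlen'));
}

// True when $path lies inside one of the open_basedir entries.
function inside_basedir(string $path, array $basedirs): bool
{
    // realpath() is itself subject to open_basedir, so suppress its warning
    // and fall back to the literal path when it is refused.
    $real = (@realpath($path) ?: $path) . DIRECTORY_SEPARATOR;
    foreach ($basedirs as $dir) {
        $base = rtrim(@realpath($dir) ?: $dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $base, strlen($base)) === 0) {
            return true;
        }
    }
    return false;
}

function audit_php_restrictions(): array
{
    $findings = [];
    $basedirs = ini_list('open_basedir', PATH_SEPARATOR);
    if ($basedirs === []) {
        $findings[] = 'open_basedir is not set: scripts may open any file the PHP user can read';
    }
    // Programs started by these functions are not confined by open_basedir.
    $disabled = ini_list('disable_functions', ',');
    foreach (['system', 'exec', 'passthru', 'shell_exec', 'popen', 'proc_open'] as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is enabled: commands it runs are not limited by open_basedir";
        }
    }
    // session.save_path may be written as "N;/path" or "N;MODE;/path".
    $save = (string) ini_get('session.save_path');
    $save = substr(strrchr(';' . $save, ';'), 1) ?: sys_get_temp_dir();
    if ($basedirs !== [] && inside_basedir($save, $basedirs)) {
        $findings[] = "session.save_path ($save) is inside open_basedir: scripts may open session files there";
    }
    return $findings;
}

foreach (audit_php_restrictions() as $line) {
    echo "[!] $line\n";
}
```

Run it under the same SAPI and virtual host as the hosted scripts, since php.ini values can differ between the CLI and the web server.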