Re: [PHP] security concerns with PHP4 module

2001-03-09 Thread Richard Lynch

Read up on safe_mode at http://php.net

- Original Message -
From: "Davydd Cook" [EMAIL PROTECTED]
Newsgroups: php.general
Sent: Friday, March 02, 2001 7:39 AM
Subject: [PHP] security concerns with PHP4 module


 Greetings, all.

 I'm a relative newcomer to PHP, looking into the possibilities of setting up
 a LAMP (Linux, Apache, MySQL, PHP, and Perl) platform for a new web server.
 We have everything set up and running currently, with PHP 4.04 running as an
 Apache module.  We'd like to pitch this to the higher-ups as a good thing
 for our site and our customers (who would also be able to use PHP), but we
 first have to address some security concerns.

 Namely, we're thinking it would be nice for users to be able to write
 scripts which would generate and store files within their home directories.
 However, because PHP runs as nobody, any such file would essentially need
 writable permission for every user.  This leaves any PHP-written file
 vulnerable to exploitation by anybody with a site on the server and some
 knowledge of PHP.

 Essentially, I'm wondering if there's any way in this situation for a PHP
 script to inherit the permissions of the user that owns it.  This would
 allow us (and our users) to write freely within the confines of our own
 directories.  Nice thought, but I'm really beginning to wonder if it's
 doable.

 Any input or suggestions which could be offered would be very much
 appreciated.  Thanks.


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]







[PHP] security concerns with PHP4 module

2001-03-02 Thread Davydd Cook

Greetings, all.

I'm a relative newcomer to PHP, looking into the possibilities of setting up
a LAMP (Linux, Apache, MySQL, PHP, and Perl) platform for a new web server.
We have everything set up and running currently, with PHP 4.04 running as an
Apache module.  We'd like to pitch this to the higher-ups as a good thing
for our site and our customers (who would also be able to use PHP), but we
first have to address some security concerns.

Namely, we're thinking it would be nice for users to be able to write
scripts which would generate and store files within their home directories.
However, because PHP runs as nobody, any such file would essentially need
writable permission for every user.  This leaves any PHP-written file
vulnerable to exploitation by anybody with a site on the server and some
knowledge of PHP.

Essentially, I'm wondering if there's any way in this situation for a PHP
script to inherit the permissions of the user that owns it.  This would
allow us (and our users) to write freely within the confines of our own
directories.  Nice thought, but I'm really beginning to wonder if it's
doable.

Any input or suggestions which could be offered would be very much
appreciated.  Thanks.


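
The exposure described in the original post, as an added example that is not part of the thread: a POSIX shell audit that lists the files and directories under a hosting root that every local account can modify. The function names, the `--demo` flag and the alice/bob sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared-hosting tree for paths
# that any local account, and so any other customer's PHP script, can modify.

# audit_shared_write ROOT
# Prints one finding per line and returns 1 if anything was found:
#   FILE-WORLD-WRITABLE  any account can overwrite the file's contents
#   DIR-WORLD-WRITABLE   any account can create, rename or delete entries
#   DIR-STICKY           world-writable, but only owners may rename/delete
audit_shared_write() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        find "$root" -type f -perm -0002 \
            -exec printf 'FILE-WORLD-WRITABLE %s\n' {} \;
        find "$root" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'DIR-WORLD-WRITABLE %s\n' {} \;
        find "$root" -type d -perm -1002 \
            -exec printf 'DIR-STICKY %s\n' {} \;
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: constructed layout for two hypothetical customers.
# alice's output directory was opened up so the web server user can write
# into it; bob keeps his files owner-only. Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html/data" "$t/bob/public_html"
    echo 'guestbook' > "$t/alice/public_html/data/entries.txt"
    echo '<?php ?>'  > "$t/bob/public_html/index.php"
    chmod 0777 "$t/alice/public_html/data"
    chmod 0666 "$t/alice/public_html/data/entries.txt"
    chmod 0755 "$t/alice" "$t/alice/public_html" "$t/bob" "$t/bob/public_html"
    chmod 0644 "$t/bob/public_html/index.php"
    echo "$t"
}

# Run against the constructed tree only when asked: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_shared_write "$tree" || true
    rm -rf "$tree"
fi
```

A `DIR-STICKY` finding still lets any account create new files in the directory; the sticky bit only stops non-owners from renaming or deleting existing entries.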