php security
Marco Gonçalves
info at kolorbit.com
Sat Aug 23 12:25:02 PDT 2003
Well, in the shell you should take that care, for ex:
ls -al on /home
dr-xrwx--- 8 www domain1 - 512 Aug 15 12:19 domain1/
dr-xrwx--- 9 www domain2 - 1024 Aug 23 15:51 domain2/
in web server with php these directives in httpd in each virtualhost dont
let others do something like <? readfile ('/home/domain/tmp/uploaded file ')
?> except the user in right domain
php_admin_value open_basedir "/home/domain/"
php_admin_value safe_mode_include_dir "/home/domain/"
----- Original Message -----
From: "Evren Yurtesen" <eyurtese at tekniikka.turkuamk.fi>
To: "Marco Gonçalves" <info at kolorbit.com>
Cc: <freebsd-isp at freebsd.org>
Sent: Saturday, August 23, 2003 7:51 PM
Subject: Re: php security
> Yes I see, but still the question is the same.
> When a user upload a file, how can I make it sure that only the user in
> shell and the web server can read this file?
>
> Evren
>
> On Sat, 23 Aug 2003, [Windows-1252] Marco Gonçalves wrote:
>
> > Email TemplateThis is allready been discussed here in this list some
weeks ago, here's what i use since
> >
> > <VirtualHost 81.31.32.19>
> > php_admin_flag safe_mode on
> > php_admin_value open_basedir "/home/domain/"
> > php_admin_value safe_mode_include_dir "/home/domain/"
> > php_admin_value upload_tmp_dir "/home/domain/tmp/"
> > *
> > </VirtualHost>
> > Best regards
> >
> > Marco Gonçalves
> > info at kolorbit.com
> >
> >
>
> --------------------------------------------------------------------------
> >
> > Web: http://www.kolorbit.com
> > Tm: 91 893 48 23 / 93 419 55 01 / 96 874 88 86
> > Seg. a Sáb. das 10h às 20h
> >
> >
> >
> >
>
> --------------------------------------------------------------------------
> >
> >
> > ----- Original Message -----
> > From: "Evren Yurtesen" <eyurtese at tekniikka.turkuamk.fi>
> > To: <freebsd-isp at freebsd.org>
> > Sent: Saturday, August 23, 2003 5:04 PM
> > Subject: php security
> >
> >
> > > I wonder how can I let users to upload files with php but have the
> > > safe_mode on also?
> > >
> > > Do you have any suggestions for virtual hosting environments?
> > >
> > > Evren
> > >
> > > _______________________________________________
> > > freebsd-isp at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> > >
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
More information about the freebsd-isp
mailing list