php security

Marco Gonçalves info at kolorbit.com
Sat Aug 23 12:25:02 PDT 2003 

Well, in the shell you should take that care, for ex:

ls -al on /home

dr-xrwx---   8 www   domain1    -  512 Aug 15 12:19 domain1/
dr-xrwx---   9 www   domain2    - 1024 Aug 23 15:51 domain2/

in web server with php these directives in httpd in each virtualhost dont
let others do something like <? readfile ('/home/domain/tmp/uploaded file ')
?> except the user in right domain

php_admin_value open_basedir "/home/domain/"
php_admin_value safe_mode_include_dir "/home/domain/"

----- Original Message ----- 
From: "Evren Yurtesen" <eyurtese at tekniikka.turkuamk.fi>
To: "Marco Gonçalves" <info at kolorbit.com>
Cc: <freebsd-isp at freebsd.org>
Sent: Saturday, August 23, 2003 7:51 PM
Subject: Re: php security


> Yes I see, but still the question is the same.
> When a user upload a file, how can I make it sure that only the user in
> shell and the web server can read this file?
>
> Evren
>
> On Sat, 23 Aug 2003, [Windows-1252] Marco Gonçalves wrote:
>
> > Email TemplateThis is allready been discussed here in this list some
weeks ago, here's what i use since
> >
> > <VirtualHost 81.31.32.19>
> > php_admin_flag safe_mode on
> > php_admin_value open_basedir "/home/domain/"
> > php_admin_value safe_mode_include_dir "/home/domain/"
> > php_admin_value upload_tmp_dir "/home/domain/tmp/"
> > *
> > </VirtualHost>
> > Best regards
> >
> > Marco Gonçalves
> > info at kolorbit.com
> >
> >
>
> --------------------------------------------------------------------------
> >
> >       Web: http://www.kolorbit.com
> >       Tm: 91 893 48 23 / 93 419 55 01 / 96 874 88 86
> >       Seg. a Sáb. das 10h às 20h
> >
> >
> >
> >
>
> --------------------------------------------------------------------------
> >
> >
> > ----- Original Message ----- 
> > From: "Evren Yurtesen" <eyurtese at tekniikka.turkuamk.fi>
> > To: <freebsd-isp at freebsd.org>
> > Sent: Saturday, August 23, 2003 5:04 PM
> > Subject: php security
> >
> >
> > > I wonder how can I let users to upload files with php but have the
> > > safe_mode on also?
> > >
> > > Do you have any suggestions for virtual hosting environments?
> > >
> > > Evren
> > >
> > > _______________________________________________
> > > freebsd-isp at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> > >
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>

More information about the freebsd-isp mailing list