ceo at l-i-e.com
Sat Oct 2 14:53:25 PDT 2004
John Oxley wrote:
> has gallery setup on his webpage and the albums directory is chmod
> 707'd so that httpd can write to it.
Does that user realize that everybody else on the server can use PHP to
write web content to that directory?...
Perhaps if a defacement example were demonstrated, he'd move those files
out of his web directory, and add in some PHP scripts to read/write the
image files with validation-checking, such as using
http://php.net/getimagesize to make sure the image file *IS* an image
> The problem is that httpd creates files as http:group and quota is not
> picking up that he is using more disk space than we want him to.
One possibility, if you are running Apache 2.0, is to set each PHP user on
a directory by directory basis in httpd.conf
Or so I've been told.
Never done it yet.
It cannot (readily) be done in Apache 1.x
More information about the freebsd-questions