| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308191955.02553.evan@coeus-group.com> From: evan at coeus-group.com (Evan Nemerson) Subject: securing php Take a look at the safe_mode and open_basedir configuration options for your php.ini. http://www.php.net/features.safe-mode Also, it may be worth it to look at using Apache with cygwin... Big performace hit, though. http://httpd.apache.org/docs/cygwin.html -Evan On Tuesday 19 August 2003 02:51 pm, Justin Shin wrote: > Hi all -- > > I have a friend that owns a web hosting company and recently he asked me to > check up on his security ... I found that PHP scripts could access, modify, > etc. anything on the drive. Of course, this is because PHP was invoked by > apache, which is being run as a root user (Administrator, he runs apache on > win2k3 for some odd reason) but I do not know the remedy. How could he set > up his apache/PHP so that only the users of his web hosting service could > "do stuff" to their own web directories. I know I am not explaining this > well, but I think you get the picture :) I also know there is a simple > solution to this, I googled it though and I couldn't find it. > > -- Justin > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists