Re: php security

From: Marco Gonçalves (info_at_kolorbit.com)
Date: 08/23/03

    To: <freebsd-isp@freebsd.org>
    Date: Sat, 23 Aug 2003 20:21:44 +0100
    
    

    Well, in the shell you should take that care, for example:

    ls -al on /home

    dr-xrwx--- 8 www domain1 - 512 Aug 15 12:19 domain1/
    dr-xrwx--- 9 www domain2 - 1024 Aug 23 15:51 domain2/

    In the web server with PHP, these directives in httpd in each VirtualHost don't
    let others do something like <? readfile ('/home/domain/tmp/uploaded file ')
    ?>, except the user in the right domain:

    php_admin_value open_basedir "/home/domain/"
    php_admin_value safe_mode_include_dir "/home/domain/"

    ----- Original Message -----
    From: "Evren Yurtesen" <eyurtese@tekniikka.turkuamk.fi>
    To: "Marco Gonçalves" <info@kolorbit.com>
    Cc: <freebsd-isp@freebsd.org>
    Sent: Saturday, August 23, 2003 7:51 PM
    Subject: Re: php security

    > Yes I see, but still the question is the same.
    > When a user upload a file, how can I make it sure that only the user in
    > shell and the web server can read this file?
    >
    > Evren
    >
    > On Sat, 23 Aug 2003, Marco Gonçalves wrote:
    >
    > > This has already been discussed here in this list some
    > > weeks ago, here's what I use since
    > >
    > > <VirtualHost 81.31.32.19>
    > > php_admin_flag safe_mode on
    > > php_admin_value open_basedir "/home/domain/"
    > > php_admin_value safe_mode_include_dir "/home/domain/"
    > > php_admin_value upload_tmp_dir "/home/domain/tmp/"
    > > *
    > > </VirtualHost>
    > > Best regards
    > >
    > > Marco Gonçalves
    > > info@kolorbit.com
    > >
    > > --------------------------------------------------------------------------
    > > Web: http://www.kolorbit.com
    > > Mobile: 91 893 48 23 / 93 419 55 01 / 96 874 88 86
    > > Mon. to Sat., 10:00 to 20:00
    > > --------------------------------------------------------------------------
    > >
    > > ----- Original Message -----
    > > From: "Evren Yurtesen" <eyurtese@tekniikka.turkuamk.fi>
    > > To: <freebsd-isp@freebsd.org>
    > > Sent: Saturday, August 23, 2003 5:04 PM
    > > Subject: php security
    > >
    > >
    > > > I wonder how can I let users to upload files with php but have the
    > > > safe_mode on also?
    > > >
    > > > Do you have any suggestions for virtual hosting environments?
    > > >
    > > > Evren
    > > >
    > > > _______________________________________________
    > > > freebsd-isp@freebsd.org mailing list
    > > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
    > > >

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
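
An added example, not part of the original thread and not written by its participants: a small Python audit of per-VirtualHost PHP directives like the ones posted above. It checks that `open_basedir` is set and ends with a slash and that `upload_tmp_dir` lies inside it, and it tests a directory mode for "other" access; the sample config, addresses and function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample (documentation IPs); the second vhost is deliberately misconfigured.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10>
php_admin_flag safe_mode on
php_admin_value open_basedir "/home/domain1/"
php_admin_value upload_tmp_dir "/home/domain1/tmp/"
</VirtualHost>
<VirtualHost 192.0.2.11>
php_admin_value open_basedir "/home/domain2"
php_admin_value upload_tmp_dir "/tmp/"
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
VALUE_RE = re.compile(r'^\s*php_admin_value\s+(\S+)\s+"?([^"\n]+?)"?\s*$', re.M)

def inside(path, base):
    """True if path is base itself or lies below it (component-wise, not prefix)."""
    p, b = PurePosixPath(path), PurePosixPath(base)
    return b == p or b in p.parents

def audit_vhosts(conf_text):
    """Map each VirtualHost address to a list of findings (empty list = OK)."""
    report = {}
    for addr, body in VHOST_RE.findall(conf_text):
        values = dict(VALUE_RE.findall(body))
        bases = [b for b in values.get("open_basedir", "").split(":") if b]
        tmp = values.get("upload_tmp_dir")
        findings = []
        if not bases:
            findings.append("open_basedir not set")
        # Older PHP releases match open_basedir as a string prefix, so
        # "/home/domain2" would also cover "/home/domain20"; end it with "/".
        findings += [f"open_basedir {b} has no trailing slash"
                     for b in bases if not b.endswith("/")]
        if tmp is None:
            findings.append("upload_tmp_dir not set")
        elif bases and not any(inside(tmp, b) for b in bases):
            findings.append(f"upload_tmp_dir {tmp} is outside open_basedir")
        report[addr.strip()] = findings
    return report

def world_accessible(mode):
    """True if any 'other' permission bit is set (e.g. on a per-domain directory)."""
    return bool(mode & 0o007)

print(audit_vhosts(SAMPLE_CONF))
```

The `dr-xrwx---` mode shown in the `ls -al` output corresponds to `0o570`, for which `world_accessible` returns `False`.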

