[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] php security

Subject: Re: [cobalt-security] php security
From: "Jan Wildeboer" <jan.wildeboer@xxxxxx>
Date: Mon, 25 Mar 2002 08:29:32 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> What would one have to do to stop this function in PHP or to limit the
> access without killing any cobalt functions ?

Read the manual:

http://www.php.net/manual/en/configuration.php#ini.open-basedir

Limit the files that can be opened by PHP to the specified directory-tree.

When a script tries to open a file with, for example, fopen or gzopen, the
location of the file is checked. When the file is outside the specified
directory-tree, PHP will refuse to open it. All symbolic links are resolved,
so it's not possible to avoid this restriction with a symlink.

The special value . indicates that the directory in which the script is
stored will be used as base-directory.

Under Windows, separate the directories with a semicolon. On all other
systems, separate the directories with a colon. As an Apache module,
open_basedir paths from parent directories are now automatically inherited.

The restriction specified with open_basedir is actually a prefix, not a
directory name. This means that "open_basedir = /dir/incl" also allows
access to "/dir/include" and "/dir/incls" if they exist. When you want to
restrict access to only the specified directory, end with a slash. For
example: "open_basedir = /dir/incl/"

HTH

Jan Wildeboer

Follow-Ups:
- RE: [cobalt-security] php security
  - From: Miro M.

References:
- [cobalt-security] php security
  - From: Miro M.

Prev by Date: [cobalt-security] php security
Next by Date: RE: [cobalt-security] php security
Previous by thread: [cobalt-security] php security
Next by thread: RE: [cobalt-security] php security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index