[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] php security
- Subject: RE: [cobalt-security] php security
- From: "Miro M." <miro.majcen@xxxxxxxx>
- Date: Mon, 25 Mar 2002 09:00:00 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks..i will check into the manual.
Is the a possibility to automatically have raq allow php only to open the
files within /home/sites/www.somedomain.com/web and nothing else and have
this applied with every new site php is turned on ?
Thanks !
Miro
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Jan Wildeboer
Sent: Monday, March 25, 2002 8:30 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] php security
> What would one have to do to stop this function in PHP or to limit the
> access without killing any cobalt functions ?
Read the manual:
http://www.php.net/manual/en/configuration.php#ini.open-basedir
Limit the files that can be opened by PHP to the specified directory-tree.
When a script tries to open a file with, for example, fopen or gzopen, the
location of the file is checked. When the file is outside the specified
directory-tree, PHP will refuse to open it. All symbolic links are resolved,
so it's not possible to avoid this restriction with a symlink.
The special value . indicates that the directory in which the script is
stored will be used as base-directory.
Under Windows, separate the directories with a semicolon. On all other
systems, separate the directories with a colon. As an Apache module,
open_basedir paths from parent directories are now automatically inherited.
The restriction specified with open_basedir is actually a prefix, not a
directory name. This means that "open_basedir = /dir/incl" also allows
access to "/dir/include" and "/dir/incls" if they exist. When you want to
restrict access to only the specified directory, end with a slash. For
example: "open_basedir = /dir/incl/"
HTH
Jan Wildeboer
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security