[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] php security
- Subject: Re: [cobalt-security] php security
- From: Martín Fiumara <martinfiumara@xxxxxxxxxxx>
- Date: Mon, 25 Mar 2002 12:34:54 -0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
So, tell me if Im right, if I set the open_basedir = . , then only the files
located where the php script is will be able to be opened useing fopen? Im
right?
This is a serious issue... I have a php script wich lets me navigate the
entire hard disk in a cobalt raq3. I have sent it to cobalt security
people... but they just didn´t say a word about it
----- Original Message -----
From: "Jan Wildeboer" <jan.wildeboer@xxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, March 25, 2002 5:48 AM
Subject: Re: [cobalt-security] php security
> > Is the a possibility to automatically have raq allow php only to open
the
> > files within /home/sites/www.somedomain.com/web and nothing else and
have
> > this applied with every new site php is turned on ?
>
> The open base_dir restriction is set in php.ini. The simple solution would
> be to set it to /home/sites. The better solution would be to change
php.ini
> automagically when php is turned on. Maybe some RaQ-script guru wants to
> shed light on this?
>
> Jan Wildeboer
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>