[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] php security
- Subject: Re: [cobalt-security] php security
- From: "Jan Wildeboer" <jan.wildeboer@xxxxxx>
- Date: Tue, 26 Mar 2002 08:38:43 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> So, tell me if Im right, if I set the open_basedir = . , then only the
files
> located where the php script is will be able to be opened useing fopen? Im
> right?
Yes. Though I don't know what happens when you store a php script in /etc
with '.' as base_dir :-)
> This is a serious issue... I have a php script wich lets me navigate the
> entire hard disk in a cobalt raq3. I have sent it to cobalt security
> people... but they just didn´t say a word about it
Which I can understand. This is your responsibility. You should know what
you are running :-) And RTFM is not asked too much, IMHO.
Jan Wildeboer