[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] php security

Subject: Re: [cobalt-security] php security
From: "Jan Wildeboer" <jan.wildeboer@xxxxxx>
Date: Tue, 26 Mar 2002 08:38:43 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> So, tell me if Im right, if I set the open_basedir = . , then only the
files
> located where the php script is will be able to be opened useing fopen? Im
> right?

Yes. Though I don't know what happens when you store a php script in /etc
with '.' as base_dir :-)

> This is a serious issue... I have a php script wich lets me navigate the
> entire hard disk in a cobalt raq3. I have sent it to cobalt security
> people... but they just didn´t say a word about it

Which I can understand. This is your responsibility. You should know what
you are running :-) And RTFM is not asked too much, IMHO.

Jan Wildeboer

References:
- RE: [cobalt-security] php security
  - From: Miro M.
- Re: [cobalt-security] php security
  - From: Jan Wildeboer
- Re: [cobalt-security] php security
  - From: Martín Fiumara

Prev by Date: Re: Fw: [cobalt-security] stunnel and outlook
Next by Date: Re[2]: Fw: [cobalt-security] stunnel and outlook
Previous by thread: Re: [cobalt-security] php security
Next by thread: Re: [cobalt-security] php security

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index