Heya folks. I'm using Windows 98SE, Apache 1.3.6, and PHP 4.1.3 as an Apache module. My question concerns security in this environment. Since there are no real "users" in Win9x, is the Apache/PHP combo able to do whatever the heck it wants to my filesystem?

I'm not versed in PHP yet, but from the things I've read, it looks like filesystem objects can be read, written, or modified, and since Win9x has no user-level security in it, I'm basically screwed if someone decides to put a malicious PHP file on my server.

Does this sound right?

Thanks,

Rick Kunkel

Yep. So a good thing to do is to remove the ability to upload files from php.ini.

Justin

You are running a public web server under this configuration ?!

You should seriously think about upgrading to a more appropriate os like linux/freebsd!

-ingmar