Re: [PHP-DEV] Security ALERT
From: Derick Rethans (d.rethans <email protected>)
Date: 10/20/00

Erhm,

I would say RTFM to this, see: http://www.php.net/manual/html/security.html

Derick

Eric KASTLER wrote:

> <<comments to the new php-3.0.12-win32 should be sent to my email address or
> to php-dev <email protected>>>
>
> I am using php-3.0.12-win32 and got the following message, CAN YOU HELP ME?:
>
> <<Security Alert! PHP CGI cannot be accessed directly.
> This PHP CGI binary was compiled with force-cgi-redirect enabled. This means
> that a page will only be served up if the REDIRECT_STATUS CGI variable is
> set. This variable is set, for example, by Apache's Action directive
> redirect.
> You may disable this restriction by recompiling the PHP binary with
> the --disable-force-cgi-redirect switch. If you do this and you have your
> PHP CGI binary accessible somewhere in your web tree, people will be able to
> circumvent .htaccess security by loading files through the PHP parser. A
> good way around this is to define doc_root in your php3.ini file to
> something other than your top-level DOCUMENT_ROOT. This way you can separate
> the part of your web space which uses PHP from the normal part using
> .htaccess security. If you do not have any .htaccess restrictions anywhere
> on your site you can leave doc_root undefined. >>
>
> Thank you in advance !
> Eric
>
> e-mail : awpfr <email protected>
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
> For additional commands, e-mail: php-dev-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>

--
Derick Rethans
JDI Media Solutions

H.v.Tussenbroekstraat 1 6952 BL Dieren The Netherlands

e-mail: d.rethans <email protected> http://www.jdimedia.nl/
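
The two controls named in the quoted alert (the REDIRECT_STATUS gate and doc_root confinement), modelled in Python as an added illustration; this is not PHP's source and not code from this thread. The function names, the sample CGI environments and the `/srv/php-area` path are assumptions made for the example.

```python
import os.path

ALERT = "Security Alert! PHP CGI cannot be accessed directly."

def redirect_gate(environ, force_cgi_redirect=True):
    """Apply the rule from the alert: serve only if REDIRECT_STATUS is set."""
    return (not force_cgi_redirect) or "REDIRECT_STATUS" in environ

def confine(doc_root, path_info):
    """Map a request path under doc_root; return None if it would land outside."""
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, path_info.lstrip("/\\")))
    if os.path.commonpath([root, target]) != root:
        return None
    return target

def handle(environ, doc_root=None, force_cgi_redirect=True):
    """Return ("serve", path) or ("refused", reason) for one CGI request."""
    if not redirect_gate(environ, force_cgi_redirect):
        return ("refused", ALERT)
    path = environ.get("PATH_INFO", "")
    if doc_root is None:
        # doc_root undefined: the binary opens whatever the request names.
        return ("serve", path)
    target = confine(doc_root, path)
    if target is None:
        return ("refused", "outside doc_root")
    return ("serve", target)

# Constructed sample environments (not captured from a real server).
# Reached through the web server's Action redirect: REDIRECT_STATUS is present.
VIA_ACTION = {"REDIRECT_STATUS": "200", "PATH_INFO": "/app/index.php3"}
# The CGI binary requested directly: the variable is absent.
DIRECT = {"PATH_INFO": "/../protected/report.html"}

if __name__ == "__main__":
    cases = [
        ("default build, via Action", VIA_ACTION, None, True),
        ("default build, direct", DIRECT, None, True),
        ("gate disabled, no doc_root", DIRECT, None, False),
        ("gate disabled, doc_root set", DIRECT, "/srv/php-area", False),
        ("gate on, doc_root set", VIA_ACTION, "/srv/php-area", True),
    ]
    for label, env, root, gate in cases:
        print(f"{label:30} -> {handle(env, root, gate)}")
```

The third case is the situation the alert warns about: with the gate compiled out and no doc_root, nothing in the binary stops it from opening a path that .htaccess was meant to protect.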
