 |
 |
Find a programming school near you
php-db | 2004071
Date: 07/13/04
- Next message: Ed Lazor: "RE: [PHP-DB] Security Issues"
- Previous message: Jonathan Haddad: "[PHP-DB] Security Issues"
- In reply to: Jonathan Haddad: "[PHP-DB] Security Issues"
- Next in thread: Ed Lazor: "RE: [PHP-DB] Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jonathan Haddad wrote:
> so I've been doing a little thinking about web server security..
>
> #1. Since all files on the web are 644, what is to stop someone on the
> same server from copying your files to their own directory?
> (specifically your database connection info)
> #2. if a folder if 777, what's to stop someone from writing to that folder?
Answer to both questions is a combination of SAFE_MODE and open_basedir
restrictions among other things discussed on the manual pages for those
functions / features.
If those restrictions are not in place, then nothing is stopping someone
on the same server to read/write in your filespace with PHP.
-- ---John Holmes...Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
- Next message: Ed Lazor: "RE: [PHP-DB] Security Issues"
- Previous message: Jonathan Haddad: "[PHP-DB] Security Issues"
- In reply to: Jonathan Haddad: "[PHP-DB] Security Issues"
- Next in thread: Ed Lazor: "RE: [PHP-DB] Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
