Date: Sat, 23 Aug 2003 20:21:44 +0100 From: =?iso-8859-1?Q?Marco_Gon=E7alves?= <info@kolorbit.com> To: <freebsd-isp@freebsd.org> Cc: Evren Yurtesen <eyurtese@tekniikka.turkuamk.fi> Subject: Re: php security Message-ID: <016101c369ab$ce10d6c0$511216c3@celeron1700> References: <Pine.A41.4.10.10308232148520.17502-100000@bessel.tekniikka.turkuamk.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, in the shell you should take that care, for ex:
ls -al on /home
dr-xrwx--- 8 www domain1 - 512 Aug 15 12:19 domain1/
dr-xrwx--- 9 www domain2 - 1024 Aug 23 15:51 domain2/
in web server with php these directives in httpd in each virtualhost dont
let others do something like <? readfile ('/home/domain/tmp/uploaded file ')
?> except the user in right domain
php_admin_value open_basedir "/home/domain/"
php_admin_value safe_mode_include_dir "/home/domain/"
----- Original Message -----
From: "Evren Yurtesen" <eyurtese@tekniikka.turkuamk.fi>
To: "Marco Gonçalves" <info@kolorbit.com>
Cc: <freebsd-isp@freebsd.org>
Sent: Saturday, August 23, 2003 7:51 PM
Subject: Re: php security
> Yes I see, but still the question is the same.
> When a user upload a file, how can I make it sure that only the user in
> shell and the web server can read this file?
>
> Evren
>
> On Sat, 23 Aug 2003, [Windows-1252] Marco Gonçalves wrote:
>
> > Email TemplateThis is allready been discussed here in this list some
weeks ago, here's what i use since
> >
> > <VirtualHost 81.31.32.19>
> > php_admin_flag safe_mode on
> > php_admin_value open_basedir "/home/domain/"
> > php_admin_value safe_mode_include_dir "/home/domain/"
> > php_admin_value upload_tmp_dir "/home/domain/tmp/"
> > *
> > </VirtualHost>
> > Best regards
> >
> > Marco Gonçalves
> > info@kolorbit.com
> >
> >
>
> --------------------------------------------------------------------------
> >
> > Web: http://www.kolorbit.com
> > Tm: 91 893 48 23 / 93 419 55 01 / 96 874 88 86
> > Seg. a Sáb. das 10h às 20h
> >
> >
> >
> >
>
> --------------------------------------------------------------------------
> >
> >
> > ----- Original Message -----
> > From: "Evren Yurtesen" <eyurtese@tekniikka.turkuamk.fi>
> > To: <freebsd-isp@freebsd.org>
> > Sent: Saturday, August 23, 2003 5:04 PM
> > Subject: php security
> >
> >
> > > I wonder how can I let users to upload files with php but have the
> > > safe_mode on also?
> > >
> > > Do you have any suggestions for virtual hosting environments?
> > >
> > > Evren
> > >
> > > _______________________________________________
> > > freebsd-isp@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
> > >
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?016101c369ab$ce10d6c0$511216c3>