From: "Shawn Mitchell"
To: "Freebsd-Isp", "alan"
Date: Fri, 20 Feb 2004 23:23:25 -0600
In-Reply-To: <20040220201258.GA7902@localhost.localdomain>
Subject: RE: Apache and home directories (file browser).

It's just like any programming language. If you don't dot all of your i's and cross your t's, then you're open for something here and there. I'm not saying php-Nuke is bad, just that it's complicated enough that chances are something's not double-checked here and there. Like any and ALL programming languages, YOU SHOULD NEVER TRUST YOUR INPUT. Check it, double check it, reverse it, check it again, and still don't trust it.

my $0.02's worth (or $0.002 in England now)

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of alan
Sent: Friday, February 20, 2004 2:13 PM
To: freebsd-isp@freebsd.org
Subject: Re: Apache and home directories (file browser).

Please be aware that allowing uploads through php is quite insecure. A lot of php-Nuke hacks have been accomplished that way. Google for security info on uploads through php.

alan