[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[linux-security] Re: php3 module and security

From: "Levy Carneiro Jr." <levy fractal com br>
To: "Gavin M. Roy" <gmr nextpath com>
Cc: linux-security redhat com
Subject: [linux-security] Re: php3 module and security
Date: Fri, 09 Apr 1999 01:01:35 -0300

At 11:11 08/05/99 -0700, you wrote:
>Files in any web directory with the extention .php3 will be interpreted,
and no
>others will be unless specified to do so.  How is this a security breach?

	If a user in a ISP create a file .php3 with read/write functions, 
he'll have permissions to read/overwrite some private files.
I need a way to specify which directory will be viewed by the parser.

	In the php3.ini file there are some directives, but only for binary mode 
of using php3, not as module in apache.


	Thanks,
	lacj

---
<levy null net>
Levy Carneiro Jr.
Linux & Network Admin

Follow-Ups:
- [linux-security] Re: php3 module and security
  - From: Peter H. Lemieux

References:
- php3 module and security
  - From: Levy Carneiro Jr.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]