Thanks..i will check into the manual. Is the a possibility to automatically have raq allow php only to open the files within /home/sites/www.somedomain.com/web and nothing else and have this applied with every new site php is turned on ?
Thanks ! Miro -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jan Wildeboer Sent: Monday, March 25, 2002 8:30 AM To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] php security > What would one have to do to stop this function in PHP or to limit the > access without killing any cobalt functions ? Read the manual: http://www.php.net/manual/en/configuration.php#ini.open-basedir Limit the files that can be opened by PHP to the specified directory-tree. When a script tries to open a file with, for example, fopen or gzopen, the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. The special value . indicates that the directory in which the script is stored will be used as base-directory. Under Windows, separate the directories with a semicolon. On all other systems, separate the directories with a colon. As an Apache module, open_basedir paths from parent directories are now automatically inherited. The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/" HTH Jan Wildeboer _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
