Hi. I have a webserver running with a couple of users as virtual hosts in Apache.
I read this article from IBM http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html (look for "Guard your filesystem") and testet the PHP script on an Etch installation, and the script serves files such as /etc/passwd and others. What is the best and correct way to protect the server from users who might upload such a script on their web directory? I don't want to run Apache in a chroot. Best regards. Rico -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
