On Mon, 2004-11-22 at 23:54, Antonio Rodriguez wrote: [...] > I will need to use uploading of pictures in a website, and it seems to > me that this was the window used by (who/what)ever entered. Do you > have any recommendations about security measures related to this? > May creating some chroot environment, and then "file > pic" and make a decision from there, who knows. Any pointers to this > will be greatly appreciated.
Check out the november 2004 issue (# 48) of linux magazine (https://www.linux-magazine.com/issue/48), it has an article on securing PHP scripts/servers which you might find interesting. Among other things it explains that "Safe_mode" isn't as safe as the name suggests. ATM the article isn't available online so I'll include the URL's of the article: [1] PHP documentation: http://www.php.net/docs.php [2] Manual on PHP security: http://de2.php.net/manual/de/security.index.php [3] Marc Heuse, "Installing a Secure Web Server": http://www.suse.de/de/private/support/online_help/howto/secure_webserv/ [4] Criticism of PHP safe_mode: http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html HTH Bram -- # Mertens Bram "M8ram" <[EMAIL PROTECTED]> Linux User #349737 # # SuSE Linux 8.2 (i586) kernel 2.4.20-4GB i686 512MB RAM # # 1:49pm up 10 days 4:32, 11 users, load average: 0.15, 0.23, 0.10 # -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
