Right, but what I meant was if someone manages to upload their own PHP file to the lazarus server, they can easily have uploaded a PHP file manager which has the capability of deleting files, etc, without ever needing ssh/ftp (this assumes the attack was done through a vulnerable piece of software, that had write permissions, etc.)
I don't think this scenario is extremely likely. On Thu, Jan 28, 2010 at 2:42 AM, Florian Klaempfl <[email protected]>wrote: > Matt Shaffer schrieb: > > Well, there doesn't have to be shell/ftp for the person to have access > > to files ;) > > To ssh, you've to hack a vpn first ;) > > -- > _______________________________________________ > Lazarus mailing list > [email protected] > http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus >
-- _______________________________________________ Lazarus mailing list [email protected] http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
