On 03 October 2003 05:06, John Taylor-Johnston wrote: > Brian or anyone, > > Ok, supposing I don't want someone to be able to use <script > language="php"> and I'm the paranoid sysadmin, (WebCT system > see open source moodle.org). What advice would you give me? > Students are allowed to upload files to my server through a > special ftp account. Already, they can't upload files with > *.pl, *.php or *.asp etc. But I need to enable php in *.htm > files for myself.
How about using your Web-server settings to restrict php to process only directories to which you have sole access rights? Any directories to which your students could upload would then not run php even if they upload it! This is trivial in Apache, for example, by placing your AddType application/x-httpd-php directive within a <Directory ...> container. Cheers! Mike --------------------------------------------------------------------- Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning & Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
