Pablo,
I tested Chris's script on our systems, and couldn't browse anywhere other than my own directories, so it is possible to set PHP up on shared hosts in a way that is a lot more secure than what your host has done.
May I ask what host this is? Is it a major one?
Tim.
At 02:09 PM 9/26/2004, Pablo Gosse wrote:
[snip] In short, what you've found is typical for most shared hosts [/snip]
I've just been reviewing the way sites are housed on my host, and what directories are readable by the web server, and I'm curious to get opinions on this.
When I use Chris' file browser script, there is a folder called 'virtual' in the site root, and it is readable by the web browser.
Inside /virtual there are three folders for every site, which I list below.
------
site357
pablogosse.com
admin357
------
Browsing these for my site I see the following:
site357:
4096 ./
20480 ../
4096 fst/
4096 info/
pablogosse.com and admin357:
4096 ./
4096 ../
4096 bin/
4096 boot/
4096 dev/
4096 etc/
4096 home/
4096 initrd/
4096 lib/
4096 mnt/
4096 opt/
4096 proc/
4096 root/
4096 sbin/
4096 tmp/
4096 usr/
4096 var/
498 subdomain
4096 mysql/
7392 dump.xml
Also, if I browse the fst/ folder inside site357, I get the same results as pablogosse.com and admin357.
I'm then able to browse freely through all the above folders except /home and /root.
I'm no security expert so I have to ask, is this indeed normal?
Cheers and TIA.
Pablo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php