I've decided to turn on/set safe_mode, document_root
and open_basedir in apache's httpd.conf in order to
make the scripts a little more secure (some upload
files such as image) in a virtual host.

Everything worked fine except for a couple of scripts.
Those scripts (used for file upload) first move (with
move_uploaded_file from /tmp to a folder/directory
located under the document root of the site.

The user verifies that he really wants that image and
then (another script) moves to the definitive

Since the 2 part was not working I've changed to use
the copy function and it gave me a 
"..SAFE MODE Restriction in effect.  The script whose
uid is X is not allowed to access
owned by uid Y (the web server) in
/home/httpd/html/somewhere/script.php3 on line 34" 

How do I solve this ?  For now I've disabled

But I am considering setting it back on and change
(somehow) the default upload dir to a new one. Since
move_uploaded_file still works (even with safe_mode) I
assume I will work but another problem arises.
The name of the uploded file (which I do not control)
is something like phpUKXh6R so how to tell the browser
of the correct mime-type ?  I do have the original

Changing the uid of the scripts to the same of the web
server seems to bring aditional security problems.


Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to