On Mon, 2009-08-17 at 20:16 +0530, kranthi wrote:
> >> That's a potential security flaw waiting to happen. A script like this
> >> shouldn't be kept in a web-accessible directory.
> /var/www is not the document root. document root is /var/www/html so I
> dont think there's a problem.
> >> /var/www (usually your server root)
> I am mistaken regarding this.
> for details (the location of httpd.conf may vary depending on your
> distro, but it is definitely located in /etc/)
> $ cat /etc/passwd | grep apache
> $ cat /etc/httpd/conf/httpd.conf | grep ^ServerRoot
> $ cat /etc/httpd/conf/httpd.conf | grep ^DocumentRoot
> $ cat /etc/httpd/conf/httpd.conf | grep ^User
> >> I have no access to that directory.
> seems you do not have access to any directory other than /home/user.
> but i dont think there's a work around, you'll have to request your
> administrator to move that file to /var/www directory (and retain
> 777).
> >> ls, pwd, and other commands run fine.
> i dont think "ls /home/user" will work fine.

Why move the script to somewhere that he can't access? If the existing
PHP scripts are all in /home/user then Apache is set up to allow the
local user filespace to be used as a web server area. As such, there
wouldn't be much point in trying to put the script in /var/www (assuming
that Apache is set up to use /var/www at all, on Suse for example it
uses /srv/www/)


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to