Christian Holler wrote:
> I have a big security hole in my php and I cannot get out why:
> Operating system: Windows XP
> PHP version: 4.1.1
> Bug description: Script accesses harddrive. what did I do wrong?
> I installed Apache 1.3.20 with PHP and now I saw, a php script can show
> my complete harddrive remotly. I don't know if it is a bug in php, I
> think not, I think I configured something wrong but I have ABSOLUTLY no
> idea what and I didn't find help anywhere. maybe you can tell me what
> this could be.
> thanks a lot
> P.S.: how can I configure that scripts only access things in the directory
> they where executed or in their subdirs?
> Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr!
> Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13
Do not quote me but I think your apache settings may be incorrect. I think
you can limit your Server Side Scripts to certain directories.
"Private faces in public places,
Are wiser and nicer,
Than public faces in private places."
Wystan Hugh Auden
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]