Hello,
Maybe I have missed something very obvious in the setup of PHP on our
Windows2000 server with IIS5. But I cannot seem to figure out how to stop
people from being able to "read" any file on the system they wish by simply
FOPENing the file. For instance, I tested this by writing a very simple php
script that would open c:\winnt\php.ini and display the contents. This is
obviously not something we want people to be able to do.
Short of removing the IUSR account from having read access to everything, is
there an easier way to stop PHP from allowing access outside a certain
directory?
Thanks,
Erick
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
