On Monday 20 August 2001 3:21 am, Erick Baum wrote:
> Hello,
>
> Maybe I have missed something very obvious in the setup of PHP on our
> Windows2000 server with IIS5. But I cannot seem to figure out how to stop
> people from being able to "read" any file on the system they wish by simply
> FOPENing the file. For instance, I tested this by writing a very simple
> php script that would open c:\winnt\php.ini and display the contents. This
> is obviously not something we want people to be able to do.
>
> Short of removing the IUSR account from having read access to everything,
> is there an easier way to stop PHP from allowing access outside a certain
> directory?

You can use the open_basedir directive in php.ini to restrict fopen's access
to directories.

http://www.php.net/manual/en/configuration.php

Having said that, I suspect that it would be sensible to have a long hard
look at file permissions on your machine. I don't know about W2K, but on NT4,
the default setup leaves just about everything set with full control for
everybody. Do a google search for something like harden windows 2000, and you
should get some tips.

Cheers
--
Phil Driscoll
--
PHP Windows Mailing List (http://www.php.net/)
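
A way to confirm that the open_basedir restriction suggested in the reply is really in force, added here as an example and not part of the original thread. It assumes PHP 5.3 or later (so the script can tighten open_basedir itself for the test); the temporary directory, file names and the web root in the comment are constructed or hypothetical.

```php
<?php
// Added example: confirm that open_basedir confines fopen() as intended.
// Assumption: PHP 5.3 or later, where a script may tighten open_basedir at
// runtime. On a real server set it in php.ini instead, for example
//   open_basedir = "C:\Inetpub\wwwroot\"   ; hypothetical web root
// All paths below are constructed for the demonstration.

// Returns true if the file can be opened for reading, false otherwise.
function can_read($path)
{
    $handle = @fopen($path, 'r');   // @ hides the open_basedir warning
    if ($handle === false) {
        return false;
    }
    fclose($handle);
    return true;
}

// Build a throwaway "allowed" directory holding one file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'basedir_demo_' . getmypid();
if (!is_dir($base) && !mkdir($base)) {
    exit("could not create $base\n");
}
$base = realpath($base);
$inside = $base . DIRECTORY_SEPARATOR . 'inside.txt';
file_put_contents($inside, "constructed sample data\n");

// This script lives outside $base, so it stands in for a file such as
// c:\winnt\php.ini that a page should not be able to read.
$outside = __FILE__;

$before = array('inside' => can_read($inside), 'outside' => can_read($outside));

// Apply the restriction; the value ends with the directory separator.
if (ini_set('open_basedir', $base . DIRECTORY_SEPARATOR) === false) {
    exit("open_basedir could not be set at runtime\n");
}

$after = array('inside' => can_read($inside), 'outside' => can_read($outside));

foreach (array('before' => $before, 'after' => $after) as $label => $result) {
    printf("%-6s inside=%s outside=%s\n", $label,
        $result['inside'] ? 'readable' : 'blocked',
        $result['outside'] ? 'readable' : 'blocked');
}

// Pass only if the allowed file opens and the outside file does not.
$ok = $after['inside'] && !$after['outside'];
unlink($inside);   // still permitted: the file is inside the allowed tree
exit($ok ? 0 : 1);
```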