Unfortunetly setting quotes (eg for apache user)doesnt prevent from flooding
out entire disk. For example i can have running a script that will check
user directories every 15 minutes and if some directory will contain large
amount of apache generated files, user account will be disabled and
* Thus wrote Rx ([EMAIL PROTECTED]):
Theres absolutely no control over session.save_path parameter in php. By
setting it to every directory he wants, every user can:
You can set the value with
php_admin_value save_path /tmp
1. (!!!) Absolutely easily generate new sessions with any content
Curt Zirzow [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
* Thus wrote Rx ([EMAIL PROTECTED]):
Theres absolutely no control over session.save_path parameter in php. By
setting it to every directory he wants, every user can:
You can set the value with
php_admin_value save_path
* Thus wrote Rx ([EMAIL PROTECTED]):
Curt Zirzow [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
* Thus wrote Rx ([EMAIL PROTECTED]):
You can set the value with
php_admin_value save_path /tmp
If i set php_admin_value, user STILL can change the value with ini_set()! I
You didnt understand. I change save.session_path to other's site session
directory, do session_start(), write every variable what i want, write down
session number, go to this site and using this generated session. You cannt
prevent this ever!
Does enabling safe_mode counter any of these writing
* Thus wrote John W. Holmes ([EMAIL PROTECTED]):
You didnt understand. I change save.session_path to other's site session
directory, do session_start(), write every variable what i want, write
down
session number, go to this site and using this generated session. You
cannt
prevent this
M, very interesting thread, thanx for starting this. Good comments curt.
1. (!!!) Absolutely easily generate new sessions with any content for every
site on server.
It's because of the 'suspect' nature of sessions and cookies that i
never place userid,username or password in
Raditha Dissanayake [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
M, very interesting thread, thanx for starting this. Good comments
curt.
1. (!!!) Absolutely easily generate new sessions with any content for
every
site on server.
It's because of the 'suspect'
thx John. That did the trick for me!
regards Wilbert
- Original Message -
From: 1LT John W. Holmes [EMAIL PROTECTED]
To: Wilbert Enserink [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, May 22, 2002 8:18 PM
Subject: Re: [PHP] session.save_path
You have to set
You have to set the session.save_path to a path on your machine that PHP can
write session files to. You can make a temp folder in your C: drive and then
set the path to c:/temp or c:\\temp or create and set it to any other folder
you want. Make sure (if you're using NTFS) that user
Which php.ini file u r changing?
Are u refering php.ini which is in C:\Windows directory?
- Original Message -
From: Tim Loram [EMAIL PROTECTED]
Date: Thursday, April 25, 2002 4:56 pm
Subject: [PHP] Session.save_path in php.ini
Hi,
Having some issues with the session.save_path
Warning: open(/tmp\sess_1b7577b36d874741ed1e74b4bead0dfd, O_RDWR) failed: m
(2) in h:\program\apache\htdocs/boa/sessionTest.php on line 5
Warning: open(/tmp\sess_1b7577b36d874741ed1e74b4bead0dfd, O_RDWR) failed: m
(2) in Unknown on line 0
Warning: Failed to write session data (files). Please
12 matches
Mail list logo
