[PHP] Re: PHP Security Alert for Apache/Win32
Wow!, i tried it and it really works, this is serious man! is there a fix around it without safe mode like GED suggested? Folks running Apache/Win32 should read this: http://www.securiteam.com/windowsntfocus/5ZP030U60U.html If you run in CGI mode you likely have a line similar to the following in your httpd.conf: ScriptAlias /php/ \C:php\ Also, if you run SAPI mode (apache plugin mode) and used to run CGI, make sure that that line is commented out. Has someone else got an idea for a workaround, without having to go into safe-mode? Would safe-mode be able to prevent this? -GED Northern.CA ===-- http://www.northern.ca Canada\'s Search Engine -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP Security Alert for Apache/Win32
Can you not just delete the ScriptAlias line? What does that line actually do apart from create an Alias? LJ David [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Wow!, i tried it and it really works, this is serious man! is there a fix around it without safe mode like GED suggested? Folks running Apache/Win32 should read this: http://www.securiteam.com/windowsntfocus/5ZP030U60U.html If you run in CGI mode you likely have a line similar to the following in your httpd.conf: ScriptAlias /php/ \C:php\ Also, if you run SAPI mode (apache plugin mode) and used to run CGI, make sure that that line is commented out. Has someone else got an idea for a workaround, without having to go into safe-mode? Would safe-mode be able to prevent this? -GED Northern.CA ===-- http://www.northern.ca Canada\'s Search Engine -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: PHP Security Alert for Apache/Win32
AFAIK, you need the ScriptAlias line in your httpd.conf if you are running PHP as a CGI... Safer to run it as an SAPI module if you can and remove that ScriptAlias line. -GED LaserJetter - Re: PHP Security Alert for Apache/Win32 - Sun, 6 Jan 2002 20:16:39 - Can you not just delete the ScriptAlias line? What does that line actually do apart from create an Alias? LJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]