Christian Holler wrote: > Hi, > > I have a big security hole in my php and I cannot get out why: > > Operating system: Windows XP > PHP version: 4.1.1 > Bug description: Script accesses harddrive. what did I do wrong? > > I installed Apache 1.3.20 with PHP and now I saw, a php script can show > my complete harddrive remotly. I don't know if it is a bug in php, I > think not, I think I configured something wrong but I have ABSOLUTLY no > idea what and I didn't find help anywhere. maybe you can tell me what > this could be. > > > thanks a lot > > P.S.: how can I configure that scripts only access things in the directory > they where executed or in their subdirs? > > chris > > > ________________________________________________________________ > Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! > Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13
Do not quote me but I think your apache settings may be incorrect. I think you can limit your Server Side Scripts to certain directories. -- Harry Jackson :::::::::::::: 22 :::::::::::::: "Private faces in public places, Are wiser and nicer, Than public faces in private places." Wystan Hugh Auden -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]