This is an Apache question, not a PHP one. I don't know if your Apache
configuration file is named apache.conf or httpd.conf under Windows, but
whatever it is, check these settings:
ServerRoot - should be set to the location where Apache is installed.
DocumentRoot = set to where your web files are located.
DirectoryIndex - should be set to the default file names, e.g index.htm,
index.html, index.php
plus one more, which automatically has theeffect of adding a trailing slash
to an URL, so that you do not get a directory listing.
This is a start - Miles
At 03:52 PM 1/4/2002 +0100, [EMAIL PROTECTED] wrote:
>Hi,
>
>I have a big security hole in my php and I cannot get out why:
>
> Operating system: Windows XP
> PHP version: 4.1.1
> Bug description: Script accesses harddrive. what did I do wrong?
>
> I installed Apache 1.3.20 with PHP and now I saw, a php script can show my
> complete harddrive remotly. I don't know if it is a bug in php, I think
> not, I think I configured something wrong but I have ABSOLUTLY no idea what
> and I didn't find help anywhere. maybe you can tell me what this could be.
>
>
> thanks a lot
>
>P.S.: how can I configure that scripts only access things in the directory
>they where executed or in their subdirs?
>
>chris
>
>
>
>Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr!
>Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13
>
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]