Yeah, I guess I meant that! - The Attacker just needs to upload a nice PHP Script wich is able to spy all serverpathes, maybe via phpinfo() and then open each file stored in the session tmp path via dir_list() funktion, hope this was the right funktion, but there are some, with php it's easy to browse the hole server i think, via the file funktions.
Puh, I'm sweating to much... hard to write. Schura > ----- Original Message ----- > From: "Bas Jobsen" <[EMAIL PROTECTED]> > To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Thursday, August 15, 2002 12:30 AM > Subject: Re: [PHP] SESSION Security > > > > > > Op donderdag 15 augustus 2002 01:03, schreef u: > > > So, if somebody gets an ftp account somehow, he will be able to get > session > > > vars via a system() command? > > > > You holds him in its own dir by the chroot setting of you ftpserver. > > > via a system(); > > you mean if they upload a php file? > > prevent that with your php.ini settings: > > > > open_basedir string: Limit the files that can be opened by PHP to the > > specified directory-tree. > > or > > safe_mode boolean > > Whether to enable PHP's safe mode. Read the Security and Safe Mode > chapters > > for more information. > > > > if you allow cgi, you must built the same sort restrictions for that too. > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php