This is an Apache question, not a PHP one. I don't know if your Apache configuration file is named apache.conf or httpd.conf under Windows, but whatever it is, check these settings:
ServerRoot - should be set to the location where Apache is installed. DocumentRoot = set to where your web files are located. DirectoryIndex - should be set to the default file names, e.g index.htm, index.html, index.php plus one more, which automatically has theeffect of adding a trailing slash to an URL, so that you do not get a directory listing. This is a start - Miles At 03:52 PM 1/4/2002 +0100, [EMAIL PROTECTED] wrote: >Hi, > >I have a big security hole in my php and I cannot get out why: > > Operating system: Windows XP > PHP version: 4.1.1 > Bug description: Script accesses harddrive. what did I do wrong? > > I installed Apache 1.3.20 with PHP and now I saw, a php script can show my > complete harddrive remotly. I don't know if it is a bug in php, I think > not, I think I configured something wrong but I have ABSOLUTLY no idea what > and I didn't find help anywhere. maybe you can tell me what this could be. > > > thanks a lot > >P.S.: how can I configure that scripts only access things in the directory >they where executed or in their subdirs? > >chris > > >________________________________________________________________ >Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr! >Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13 > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]