Re: [PHP] upload but restrict
On Fri, 17 May 2002, r wrote: > Sorry for the late reply, > but i have a boss who wants everything done RIGHT NOW! > > Anyway, as an example think a person uploads a .php or .exe file, I just > dont want it to run on my webserver > how can i restrict him/her? Just make sure the uploads are in a directory where Apache has been configured not to run anything. How to do that depends on how you told it to run things in other directories. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload but restrict
Hey, Sorry for the late reply, but i have a boss who wants everything done RIGHT NOW! Anyway, as an example think a person uploads a .php or .exe file, I just dont want it to run on my webserver how can i restrict him/her? Any ideas welcome -Ryan. - Original Message - From: "Jason Wong" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 16, 2002 7:28 AM Subject: Re: [PHP] upload but restrict > On Friday 17 May 2002 10:40, r wrote: > > Greetings friends, pals, nymphos, programmers, geeks and others, of gods > > chosen people! > > > > Here goes, > > I have a program that uploads any file and allows the person to see whats > > in a particular directory without any problems, > > not bad for a newbie eh? stand up and clap!!! > > > > what i want to do is make sure that whatever the person uploads cannot > > "run" or be executedany ideas on how to do this? > > Why? Who is going to run it, and where are they going to run it? > > -- > Jason Wong -> Gremlins Associates -> www.gremlins.com.hk > Open Source Software Systems Integrators > * Web Design & Hosting * Internet & Intranet Applications Development * > > /* > I am looking for a honest man. > -- Diogenes the Cynic > */ > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload but restrict
On Thu, 16 May 2002, r wrote: > Here goes, > I have a program that uploads any file and allows the person to see whats in > a particular directory without any problems, > not bad for a newbie eh? stand up and clap!!! > > what i want to do is make sure that whatever the person uploads cannot "run" > or be executedany ideas on how to do this? > > Baically its a file sharing program..."a" uploads something "b" downloads > it...I just dont want to get screwed in the bargain Not sure I get your question. Cannot be "run" or "executed" by whom? By the web server? Just don't let it run them. By people who download them? Impossible. There are too many executable formats. The only choice would be to have a whitelist of file formats (i.e., "GIF", "JPEG", "PNG", use 'file' to check the prologue of each file, and then toss anything else. miguel P.S. Your system clock is about 11 hours fast (or you've selected the wrong time zone), which is annoying since it puts your messages out of sequence and I can't tell whether or not they've been replied to without reading through 200 other headers. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] upload but restrict
On Friday 17 May 2002 10:40, r wrote: > Greetings friends, pals, nymphos, programmers, geeks and others, of gods > chosen people! > > Here goes, > I have a program that uploads any file and allows the person to see whats > in a particular directory without any problems, > not bad for a newbie eh? stand up and clap!!! > > what i want to do is make sure that whatever the person uploads cannot > "run" or be executedany ideas on how to do this? Why? Who is going to run it, and where are they going to run it? -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* I am looking for a honest man. -- Diogenes the Cynic */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php