It you're running Apache, you could use a .htaccess file and change the php setting there.
Seth. [EMAIL PROTECTED] said: > > I recently had someone deface the website on my server and one of the > vulnerablities they used to upload a rootkit, was from a php website on > my server that allowed file uploads to /tmp. There were other unrelated > vulnerablities that allowed them to actually run the rootkit. > > Anyway as a result, to prevent users from hosting php code that allows > file uploads w/o my knowing, i disabled file uploads in my php.ini > files. You can guess my problem -- now no users can attach files to > their squirrelmail emails. Note that the squirrelmail code is pretty > secure because the attachment directory is not world-readable like /tmp > is. > > My question: Is there ANY way to selectively allow file uploads from a > select group of php files (e.g. squirrelmail) while restricting it for > all other php scripts? > > Or is there another creative solution to my problem? > > Thanks, > Durwood > > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: SF.net Giveback Program. > Does SourceForge.net help you be more productive? Does it > help you create better code? SHARE THE LOVE, and help us help > YOU! Click Here: http://sourceforge.net/donate/ > -- > squirrelmail-users mailing list > List Address: [EMAIL PROTECTED] > List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 > List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users > -- Seth Randall IT Support Specialist Missoula Federal Credit Union [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
