Hi David:
> It was very wise of Hans to also recommend creating
> /home/apache instead of using the default /var/www because a nasty user
> could have easily accessed the .ssh directory there and gotten the
> public/private keys, and the known hosts.
Well, they still do. Though the attacker would have to be able to
add/edit a script on your server, putting in code that reads the
files from the /home/apache dir.
--Dan
--
THE ANALYSIS AND SOLUTIONS COMPANY
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show-participation
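
The distinction drawn in this exchange, as an added example that is not part of the original thread: a shell check that reports whether an account's `.ssh` directory sits under the document root and which files in it the checking user can read. The function name `ssh_exposure` and the temporary sample layouts are assumptions constructed for illustration.

```shell
#!/bin/sh
# ssh_exposure DOCROOT HOMEDIR
# Prints one finding per line:
#   WEB_REACHABLE <dir>  .ssh lies under the document root (whether it is
#                        actually served depends on the server configuration)
#   READABLE <file>      file in .ssh is readable by the user running the check
#   NO_SSH_DIR           HOMEDIR has no .ssh directory
ssh_exposure() {
    # Resolve symlinks so the prefix comparison is on real paths.
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || { echo "ERROR bad docroot"; return 2; }
    sshdir=$(cd "$2/.ssh" 2>/dev/null && pwd -P) || { echo "NO_SSH_DIR"; return 0; }
    [ "$docroot" = "/" ] && docroot=""
    case "$sshdir/" in
        "$docroot"/*) echo "WEB_REACHABLE $sshdir" ;;
    esac
    for f in "$sshdir"/*; do
        if [ -f "$f" ] && [ -r "$f" ]; then
            echo "READABLE $f"
        fi
    done
    return 0
}

# Constructed sample layouts: one account whose home is the document root,
# one whose home was moved outside it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/var/www/.ssh" "$t/srv/htdocs" "$t/home/apache/.ssh"
    : > "$t/var/www/.ssh/id_rsa"
    : > "$t/home/apache/.ssh/id_rsa"
    echo "home is the docroot:"
    ssh_exposure "$t/var/www" "$t/var/www"
    echo "home outside the docroot:"
    ssh_exposure "$t/srv/htdocs" "$t/home/apache"
    rm -rf "$t"
}
demo
```

Run it as the web-server user: moving the home directory clears the `WEB_REACHABLE` finding, while the `READABLE` lines remain for any file that user can open.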