RE: [PHP] Symbolic link fails when User Authentication comes in

Wed, 31 Jan 2001 11:49:44 -0800 

Johnny,

    It works, but how could this create a security hole? Could you please 
expalin a little bit more?

Thanks,
David


>From: "johnny p." <[EMAIL PROTECTED]>
>To: "david klein" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: [PHP] Symbolic link fails when User Authentication comes in
>Date: Wed, 31 Jan 2001 13:54:22 -0600
>
>Add the FollowSymLinks to your httpd.conf file for that directory.  I
>don't recommend doing this, tho, since it *is* a security hole.
>
>    <Directory /apps/apache/docs/test1>
>    Options Indexes FollowSymLinks
>    </Directory>
>
>johnny p.
>
> > -----Original Message-----
> > From: david klein [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, January 31, 2001 1:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: [PHP] Symbolic link fails when User Authentication comes in
> >
> >
> > I am using Apache user authentication, and it works fine.
> > However, if there
> > is a symbolic link inside a securied directory, the symbolic
> > linked file
> > will deny any access.
> >
> > For example, directory "/apps/apache/docs/test1" is a
> > securied directory,
> > and there is a symbolic linked file "file1.txt", after you
> > logged into
> > directory "/apps/apache/docs/test1" and try to access
> > "file1.txt", you will
> > be denied for the access?
> >
> > Does anyone have any idea?
> >
> > Thanks,
> > David
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> > [EMAIL PROTECTED]
> >
> >
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to