To fix this scenerio, chroot would require different apache processes
running under different users.

On Jan 11, 2008 3:46 PM, Lucas Prado Melo <[EMAIL PROTECTED]> wrote:

> On Jan 11, 2008 2:16 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
> >     Make sure you change the permissions on the directory in which
> > uploads are saved to be non-readable by anyone (including yourself, in
> > case the scripts are suexec'd).
> >
> >     For example, if the directory in which you save uploaded files is
> > uploads/ then just do this (on a *nix box):
> >         chmod 300 uploads
> >
> >     That way, files can still be saved to the directory (which
> > requires write and execute privileges), but the files cannot be read
> > or executed via the web, and directory listing is implicitly denied
> > for all protocols (and local access) to anyone except root.
>
> The uploaded scripts must be executed via the web because it's a host...
> Maybe we could prevent scripts from certain folders to see other
> folders... (chroot?)
> Do you know how to do it in apache?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Reply via email to