Hi, 
I've decided to turn on/set safe_mode, document_root
and open_basedir in apache's httpd.conf in order to
make the scripts a little more secure (some upload
files such as image) in a virtual host.

Everything worked fine except for a couple of scripts.
Those scripts (used for file upload) first move (with
move_uploaded_file) from /tmp to a folder/directory
located under the document root of the site.

The user verifies that he really wants that image and
then (another script) moves it to the definitive
folder/directory.

Since the 2nd part was not working I've changed to use
the copy function and it gave me a
"..SAFE MODE Restriction in effect.  The script whose
uid is X is not allowed to access
/home/httpd/html/somewhere/imgtmp/uploaded_img.png
owned by uid Y (the web server) in
/home/httpd/html/somewhere/script.php3 on line 34" 

How do I solve this ?  For now I've disabled
safe_mode. 

But I am considering setting it back on and changing
(somehow) the default upload dir to a new one. Since
move_uploaded_file still works (even with safe_mode) I
assume it will work, but another problem arises.
The name of the uploaded file (which I do not control)
is something like phpUKXh6R, so how do I tell the browser
the correct mime-type?  I do have the original
name...

Changing the uid of the scripts to the same as the web
server's seems to bring additional security problems.

Thanks.
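
An added example, not part of the original post: for a temp file with an opaque name like phpUKXh6R, the MIME type can be taken from the file's leading bytes instead of the client-supplied name, and the owner comparison quoted in the error message can be checked directly. The function names and the accepted image types are assumptions made for illustration.

```php
<?php
// Added example; function names and the accepted type list are hypothetical.

// Magic-byte signatures for the image types assumed to be accepted.
$SIGNATURES = array(
    'image/png'  => "\x89PNG\r\n\x1a\n",
    'image/jpeg' => "\xFF\xD8\xFF",
    'image/gif'  => "GIF8",
);

// Return the MIME type implied by the file's leading bytes, or null if
// the content matches none of the accepted signatures.
function sniff_image_mime($path, $signatures) {
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $head = (string) fread($fh, 8);
    fclose($fh);
    foreach ($signatures as $mime => $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return $mime;
        }
    }
    return null;
}

// Same comparison the quoted error reports: the owner of the file
// must equal the owner of the script that touches it.
function owner_check_passes($scriptPath, $targetPath) {
    $scriptUid = fileowner($scriptPath);
    $targetUid = fileowner($targetPath);
    return $scriptUid !== false && $scriptUid === $targetUid;
}

// Constructed sample: a file named like a PHP upload temp file that
// holds a PNG header followed by padding.
$sample = tempnam(sys_get_temp_dir(), 'php');
file_put_contents($sample, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16));

$mime = sniff_image_mime($sample, $SIGNATURES);
echo "detected type: ", ($mime === null ? 'rejected' : $mime), "\n";
echo "owner matches script: ",
     (owner_check_passes(__FILE__, $sample) ? 'yes' : 'no'), "\n";
unlink($sample);
```

A file whose content matches no accepted signature returns null and can be refused before it is moved to the definitive directory, whatever its original name claimed.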