WebApp Sec mailing list archives
Enabling PHP uploads
From: Johann Spies <jspies () sun ac za>
Date: Mon, 24 Apr 2006 10:23:15 +0200
I would like to hear from the members of this list their opinion about the safety of enabling php's upload abilities on a webserver with several clients. In the past I have declined requests to do so because it cannot be done on a per-user-basis as I understand it and because I was uncertain about the safety of such a setup. Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "Now unto him that is able to do exceeding abundantly above all that we ask or think, according to the power that worketh in us, Unto him be glory in the church by Christ Jesus throughout all ages, world without end. Amen." Ephesians 3:20,21 ------------------------------------------------------------------------- This List Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Enabling PHP uploads Johann Spies (Apr 24)
- Re: Enabling PHP uploads Markus Fischer (Apr 26)