Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

securing php

From: "Justin Shin" <zorkshin () tampabay rr com>
Date: Tue, 19 Aug 2003 17:51:46 -0400
Hi all --

I have a friend that owns a web hosting company and recently he asked me to check up on his security ... I found that 
PHP scripts could access, modify, etc. anything on the drive. Of course, this is because PHP was invoked by apache, 
which is being run as a root user (Administrator, he runs apache on win2k3 for some odd reason) but I do not know the 
remedy. How could he set up his apache/PHP so that only the users of his web hosting service could "do stuff" to their 
own web directories. I know I am not explaining this well, but I think you get the picture :) I also know there is a 
simple solution to this, I googled it though and I couldn't find it.

-- Justin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: