Bug #22598 web server security
Submitted: 2003-03-07 19:21 UTC Modified: 2003-03-08 16:59 UTC
From: luke at cywh dot com Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 4.3.1 OS: Windows XP
Private report: No CVE-ID: None
 [2003-03-07 19:21 UTC] luke at cywh dot com
I run a small hosting operation like GeoCities (free 20 MB), and I offer PHP support. The problem is that the users can access anything on my computer on PHP. In fact one did, which is why I'm typing this up. Someone suggested to set openbase_dir, but when I do it shows up as no value in the phpinfo() and it seems to not work at all. From what I understand, if you put a . or something, or set it, it's supposed to not allow scripts to access any file outside the folder, but can allow subfolders from that script.

I run a webmail PHP script that has to access c:/windows/temp/itsname/

I don't want any user to access anything outside their folder.

I run Apache 2.0.43. Someone said I should downgrade PHP and Apache, which I don't want to do. I've had too many problems with Apache 1.3 and I'm not going to downgrade from 2.0. I don't feel I have to do it anyway. If I have to disable apache use for the users' folders I will, but I don't really want to take away a feature I've already promised.

Thanks guys

Luke Scott
www.cywh.com
(http://cytech.cywh.com/phpinfo.php)
(if you could, please send me an email)

 [2003-03-07 19:23 UTC] luke at cywh dot com
I run a small hosting operation like GeoCities (free 20 MB), and I offer
PHP support. The problem is that the users can access anything on my computer
on PHP. In fact one did, which is why I'm typing this up. Someone suggested
to set openbase_dir, but when I do it shows up as no value in the
phpinfo() and it seems to not work at all. From what I understand, if
you put a . or something, or set it, it's supposed to not allow scripts
to access any file outside the folder, but can allow subfolders from
that script.

I run a webmail PHP script that has to access c:/windows/temp/itsname/

I don't want any user to access anything outside their folder.

I run Apache 2.0.43. Someone said I should downgrade PHP and Apache,
which I don't want to do. I've had too many problems with Apache 1.3 and I'm
not going to downgrade from 2.0. I don't feel I have to do it anyway. If
I have to disable PHP use for the users' folders I will, but I don't
really want to take away a feature I've already promised.

Thanks guys

Luke Scott
www.cywh.com
(http://cytech.cywh.com/phpinfo.php)
(if you could, please send me an email)
 [2003-03-08 11:06 UTC] sniper@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

Try a mailing list instead, like php-general@lists.php.net, as this is a _bug_ database, not a support forum.

 [2003-03-08 16:47 UTC] luke at cywh dot com
What about me setting the value and it not showing up as set at all?
 [2003-03-08 16:59 UTC] luke at cywh dot com
Never mind. It's fixed. Thanks.
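
The thread does not say how the setting was finally applied. As an added illustration (not from the reporter or the PHP project), this is one way to confine each hosted user's scripts with PHP's `open_basedir` directive in `httpd.conf`. It assumes PHP is loaded as an Apache module; every path under `C:/hosting/` and the user names are constructed placeholders, and only the webmail temp path comes from the report.

```apache
# Added example: constructed paths, not the reporter's real layout.
# php_admin_value is only honoured when PHP runs as an Apache module.
# A value set this way cannot be changed from .htaccess or with ini_set(),
# so a hosted user cannot lift the restriction from inside a script.

# Fallback for anything served from the hosting root. A user directory
# without its own block below inherits this broader value and could read
# other users' files, so every account needs its own <Directory> block.
<Directory "C:/hosting/">
    php_admin_value open_basedir "C:/hosting/"
</Directory>

# One block per hosted user: scripts may open files in this directory and
# its subdirectories only. Keep the trailing slash: PHP versions that treat
# the value as a prefix would otherwise let ".../users/alice" also match
# ".../users/alice2".
<Directory "C:/hosting/users/alice/">
    php_admin_value open_basedir "C:/hosting/users/alice/"
</Directory>

<Directory "C:/hosting/users/bob/">
    php_admin_value open_basedir "C:/hosting/users/bob/"
</Directory>

# The operator's own webmail script also needs its temp directory.
# On Windows the entries of the list are separated by semicolons.
<Directory "C:/hosting/webmail/">
    php_admin_value open_basedir "C:/hosting/webmail/;c:/windows/temp/itsname/"
</Directory>
```

After Apache is restarted, a `phpinfo()` page served from inside one of these directories should list that directory for `open_basedir` in the Local Value column. An empty value there means the directive was not picked up for that directory.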
 
Last updated: Fri May 03 20:01:31 2024 UTC