I have installed sqlite3 to give database support in a web server with PHP v4 and safemode activated.
The php-sqlite3 module has been installed in order to use sqlite3 with PHP. It works fine, but there is
a problem with the safemode directive. Any user of the server can access to the file database of
another user and modify it, for example, if a user called user1 creates the file database in the
directory /home/user1/public_html, and another user, called user2, upload a php page to his directory
(/home/user2/public_html) that points to the file database located in the directory of user1
(/home/user1/public_html), this php page owned by user2 can access to the file database whose
owner is user1 and modify it, something that is not allowed by the safemode directive.
First, I thought that safemode did not work, but, it does, because the file database of user1 cannot be
read using the PHP function "readfile()" by a php file that owns to user2, giving the message that safemode
is activated and user2 cannot access to the file owned by user1.
Why does PHP safemode directive not work with php-sqlite3 module?. Any idea?
Thanks in advance,
Isaac.
- Prev by Date: RE: Re: WELCOME to php-install@xxxxxxxxxxxxx
- Next by Date: Re: Help compiling PHP 5.2.3 on OS X
- Previous by thread: Re: WELCOME to php-install@xxxxxxxxxxxxx
- Next by thread: Re: MySQL- Stored Procedures & Views
- Index(es):
 |