RE: Restrict uploaded scripts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> Wouldn't they still be able to overwrite each other?
> I don't think I expressed myself clearly. The point of the 
> protection is
> to keep the scripts from overwriting each other on purpose. It was a
> protection that would make it posible to upload scripts, even if you
> were not completly sure they were safe.
> 

So, you are concerned that someone will write a script that when RUN could
purposely overwrite some other files.  If I had people uploading their own
code to my server, I would be concerned as well. In fact, 'concerned' is not
quite a strong enough word.

As far as I know, when the uploaded script runs, it will have all the same
permissions that the user the webserver runs as has. So there would be no
(easy) way to control the possibility that it will overwrite files, add
records to your database, launch an attack on another host, send 100,000
spam messages to the whitehouse, download porn and email it to your
minister, etc, etc, etc...

JM

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux