Wouldn't it even be posible, if the script couldn't be run directly, but had to be run through require or something like that? fre, 09 06 2006 kl. 08:38 -0400, skrev Jim Moseby: > > > > Wouldn't they still be able to overwrite each other? > > I don't think I expressed myself clearly. The point of the > > protection is > > to keep the scripts from overwriting each other on purpose. It was a > > protection that would make it posible to upload scripts, even if you > > were not completly sure they were safe. > > > > So, you are concerned that someone will write a script that when RUN could > purposely overwrite some other files. If I had people uploading their own > code to my server, I would be concerned as well. In fact, 'concerned' is not > quite a strong enough word. > > As far as I know, when the uploaded script runs, it will have all the same > permissions that the user the webserver runs as has. So there would be no > (easy) way to control the possibility that it will overwrite files, add > records to your database, launch an attack on another host, send 100,000 > spam messages to the whitehouse, download porn and email it to your > minister, etc, etc, etc... > > JM > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
