To fix this scenario, chroot would require different Apache processes
running under different users.

On Jan 11, 2008 3:46 PM, Lucas Prado Melo <lucaspm@xxxxxxxxxxx> wrote:
> On Jan 11, 2008 2:16 PM, Daniel Brown <parasane@xxxxxxxxx> wrote:
> > Make sure you change the permissions on the directory in which
> > uploads are saved to be non-readable by anyone (including yourself, in
> > case the scripts are suexec'd).
> >
> > For example, if the directory in which you save uploaded files is
> > uploads/ then just do this (on a *nix box):
> >     chmod 300 uploads
> >
> > That way, files can still be saved to the directory (which
> > requires write and execute privileges), but the files cannot be read
> > or executed via the web, and directory listing is implicitly denied
> > for all protocols (and local access) to anyone except root.
>
> The uploaded scripts must be executed via the web because it's a host...
> Maybe we could prevent scripts in certain folders from seeing other
> folders... (chroot?)
> Do you know how to do it in Apache?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
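
An added example, not part of the original thread: a Python check that decodes what a mode such as 300 on an upload directory grants to each permission class and flags deviations. The names `dir_access` and `audit_upload_dir` and the temporary `uploads` directory are constructed for illustration; only the directory's own mode bits are read, so ACLs and the modes of the files inside are out of scope.

```python
import os
import stat

# Permission bits per class, as (read, write, execute/search).
CLASSES = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def dir_access(mode):
    """Translate directory mode bits into the operations each class may perform."""
    table = {}
    for who, (r, w, x) in CLASSES.items():
        table[who] = {
            "list_names": bool(mode & r),        # read the entry names (ls)
            "reach_known_name": bool(mode & x),  # open or stat an entry whose name is known
            "create_or_delete": bool(mode & w) and bool(mode & x),
        }
    return table

def audit_upload_dir(path):
    """Return the directory's mode, the decoded access table and any findings."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    access = dir_access(mode)
    findings = []
    for who in ("group", "other"):
        if any(access[who].values()):
            findings.append(f"{who} has access to the upload directory")
    if access["owner"]["list_names"]:
        findings.append("owner can list the directory")
    if not access["owner"]["create_or_delete"]:
        findings.append("owner cannot save uploads here")
    return {"mode": format(mode, "03o"), "access": access, "findings": findings}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        uploads = os.path.join(base, "uploads")  # constructed sample directory
        os.mkdir(uploads)
        os.chmod(uploads, 0o300)
        print(audit_upload_dir(uploads))
        os.chmod(uploads, 0o700)  # restore so the temporary tree can be cleaned up
```

With mode 300 the owner keeps the search bit, so a process running as the directory owner can still reach a file there by name, subject to that file's own mode; only listing is blocked.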