------------ Original Message ------------ > Date: Monday, October 06, 2014 22:07:25 +0200 > From: Christoph Becker <cmbecker69@xxxxxx> > To: php-general@xxxxxxxxxxxxx > Subject: Re: Re: hacked!! > > Richard wrote: > >> ------------ Original Message ------------ >>> Date: Saturday, October 04, 2014 13:50:30 -0400 >>> From: Jim Giner <jim.giner@xxxxxxxxxxxxxxxxxx> >>> To: php-general@xxxxxxxxxxxxx >>> Subject: Re: Re: hacked!! >>> >>> On 10/4/2014 1:35 PM, Christoph Becker wrote: >>>> >>>> As Richard has repeatedly said, this all depends on who owns the >>>> files/folders. See >>>> <http://en.wikipedia.org/wiki/File_system_permissions>. >>>> >>> And as I have repeatedly said - I do not know these things. It >>> is a hosted server and the admins there set this all up. I >>> simply use it - apparently a little weaker than it s/b. >> >> You should contact the server admins and find out the answers. > > It is not strictly necessary to contact the hosting provider to > get this information. Besides using > posix_getpwuid(posix_geteuid()) (which may be available or not), > the following technique should work everywhere: > > * upload a dummy file via FTP and check the owner (the FTP client > should list this information) > > * create a dummy file with PHP and check the owner > > -- > Christoph M. Becker Actually, the output of the phpinfo() function should show the user and group that the server is running as. If the "user" is the same as the login id that is being used to place files on the site, then fully securing the site against hacking is tricky. If it's only the "group" (or neither), then careful permissions control should have a positive effect. - Richard -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
