[X-Unix] Shared hosting with apache and php, security concerns
Scott Haneda
scott at newgeo.com
Wed Mar 17 22:55:19 PST 2004
on 03/17/2004 10:52 PM, Stroller at MacMonster at myrealbox.com wrote:
> I'm not sure what you mean by a "php file reading tool".
Php has the ability to read a file off the local filesystem and output its
results. With this, you can tell php to read other users site data, which
in many cases will contain usernames and passwords to databases and other
secure applications.
> <http://httpd.apache.org/docs/mod/mod_autoindex.html>
>
> Summary
> The index of a directory can come from one of two sources:
> - A file written by the user, typically called index.html. The
> DirectoryIndex directive sets the name of this file. This is
> controlled by mod_dir.
> - Otherwise, a listing generated by the server. The other directives
> control the format of this listing. The AddIcon, AddIconByEncoding and
> AddIconByType are used to set a list of icons to display for various
> file types; for each file listed, the first icon listed that matches
> the file is displayed. These are controlled by mod_autoindex.
> - The two functions are separated so that you can completely remove (or
> replace) automatic index generation should you want to.
>
> Automatic index generation is enabled with using Options +Indexes.
> See the Options directive for more details.
>
> If you haven't set -Indexes in your Apache configuration files, then
> you should do so.
This is unrelated to my questions.
--
-------------------------------------------------------------
Scott Haneda Tel: 415.898.2602
http://www.newgeo.com Fax: 313.557.5052
scott at newgeo.com Novato, CA U.S.A.
More information about the X-Unix
mailing list