#19 Securityhole in PHP

[Anonymous]

Hi there!

I am running a FoxServ on a Win32-System (Win98), as
FTP-Server I took Jana.. My problem is, that anyone
who has FTP-Access could write files to spy my whole
harddisc (all passwords (htaccess)) a.s.o....

Under Linux I could take a sandbox as solution. Is
there anything I can do without changing my system to
Linux ?

Thanks in advance!

[Nobody/Anonymous]

Logged In: NO

well you could restrict the kinds of files they upload.
that is about the only thing i can think of

[Nobody/Anonymous]

Logged In: NO

But i can't restrict PHP - that's my problem....

Anyone who has FTP-Access could write a simple kind of an
explorer in PHP and could work way through my hd...

Even in the NT-Series this security hole is present. The
master of disaster is the one who ever is loged in - and if
you use PHP -- the PHP-Script of anyone earns the rights of
the loged-in person...

[Nobody/Anonymous]

Logged In: NO

But i can't restrict PHP - that's my problem....

Anyone who has FTP-Access could write a simple kind of an
explorer in PHP and could work way through my hd...

Even in the NT-Series this security hole is present. The
master of disaster is the one who ever is loged in - and if
you use PHP -- the PHP-Script of anyone earns the rights of
the loged-in person...