On Tue, Jan 20, 2004 at 10:00:04AM +0100, Oliver Hitz wrote: > I think you should be able to avoid such exploits by using PHP's safe > mode. It allow you, among other things, to specify that only files in > a particular directory may be executed. This way, even if someone > succeeds uploading an exploit onto your server, he won't be able to run > it. Recommend that you also take a look at mod_security (http://www.modsecurity.org/) for apache. /Thomas -- == thomas@northernsecurity.net | thomas@se.linux.org == Encrypted e-mails preferred | GPG KeyID: 114AA85C --
Attachment:
signature.asc
Description: Digital signature