|
Posted by Matti Kiviharju on January 16, 2008, 12:29 pm
Please log in for more thread options
Matti Kiviharju kirjoitti:
> I have a Window Server 2003 R2 x64 Std and want to ask how to set Apache
> and PHP Security and Security of Tomcat.
>
> In my installation with Apache 2 and PHP 5 is possible to make/list
> folder/files to C: root and every where in server.
>
> How to I setup these user settings like there only to possible to make
> things above only in wanted folders and exec function can be used only
> for run chosen applications. I know how to set in php.ini that exec
> function is not possible and that php files can be ran only in chosen
> folders but that not fix everything. In my install Apache can but only
> configured folders to public by VirtualHost but PHP seems to can be do
> everything. So if I try to but non-configured folder to apache
> VirtualHost it tells me that there is not any read/write rights to this
> folder. That seems to work and Apache haves atomatically made security
> settings and user accounts.
And the wath is problem? Apache works but with PHP I can run command
exec('format C:'); and then it is end ofthe story if I don't dissable
exec function on php.ini. That is not what I want. I want that format C:
is only able to run with admin account and PHP is always ran with
account that can not execute commands like format c:.
| 
XML Sitemap