[thelist] securing script

Sean German sgerman at sprockets.com
Tue Mar 27 12:42:40 CST 2001


Howdy,

One thing to look into is running your service, process, daemon, whatever
under a user account created just for that purpose.  Then make sure that
account only has rights to do what you want users of the script to do.

HTH


Sean

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Joxn
> Sent: Tuesday, March 27, 2001 1:26 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] securing script
>
>
> Hi everybody,
> I've written a PHP script with which I can browse through my server's
> directory structure (eg. an lyrics archive).
>
> I've defined an absolute root path $pRoot =
> "/home/foo/bar/website/music";
> And when I call my script - lyrics.php - it only uses relative
> sub-paths,
> like lyrics.php?path=bad_relgion/against_the_grain/





More information about the thelist mailing list