Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:3674
Return-Path: <phil@dialsolutions.co.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 40502 invoked from network); 1 Aug 2003 09:46:58 -0000
Received: from unknown (HELO dialsolutions.co.uk) (62.49.233.34)
  by pb1.pair.com with SMTP; 1 Aug 2003 09:46:58 -0000
Received: (qmail 8708 invoked from network); 1 Aug 2003 09:46:57 -0000
Received: from unknown (HELO linux.dialsolutions3.demon.co.uk) (192.168.1.17)
  by 0 with SMTP; 1 Aug 2003 09:46:57 -0000
To: internals@lists.php.net
Date: Fri, 1 Aug 2003 10:46:55 +0100
User-Agent: KMail/1.5.1
References: <059101bffadb$28a33670$1400000a@fatcuban> <3F2933BC.8010401@php.net> <200307311014.16774.evan@coeus-group.com>
In-Reply-To: <200307311014.16774.evan@coeus-group.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-ID: <200308011046.55934.phil@dialsolutions.co.uk>
Subject: Re: [PHP-DEV] upload compromises
From: phil@dialsolutions.co.uk (Phil Driscoll)

If ISPs want to prevent stupid scripts copying uploaded files under 
document_root they can set ownership and permissions on document_root so that 
the web server doesn't have permission to write files there. That should fix 
all problems associated with uploading php, perl and other such files which 
might be otherwise executed by the web server.
-- 
Phil Driscoll