Solved

Win XP Apache Permissions (outside of htdocs)

Posted on 2004-08-18
1
652 Views
Last Modified: 2011-04-14
Not sure if this is a Apache question or a php question.

I have Win XP Pro, with Apache and PHP 5

I have my doc root folder standard,
it is C:/Apache/htdocs

The problem is, I don't want scripts I write in those folders to access outside that folder.

for instance, I can use ../../ and get to c:/ (this of course in php scripting)
ex. fopen("../../boot.ini","r")   this would be opening c:/boot.ini

How can I stop this?  how can I make the user (well the person who has access to writing scripts and html pages) see the document root as /htdocs or even just / ?
or just make them not have permissions below C:/Apache/htdocs

Thanks
0
Comment
Question by:ThaSmartUno
1 Comment
 
LVL 15

Accepted Solution

by:
samri earned 500 total points
ID: 11838485

I would think that you could configure your PHP to restrict the execution of PHP to certain document tree, and preventing them to traverse up the tree.  

At the OS level, you could fine your setting such that Apache would have a different User/Group, and restrict filesystem access to those that is allowed.  This should be fine.  I  haven't tried this, but in theory it should work.

Personally, I would prefer the 2nd options.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ProxyPass - Problem 5 123
maven set up 2 128
instanceof  operator in java 26 87
Where are web pages installed that I wish to invoke from tomcat (MAC) 2 49
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now