[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] The anonymous user problem...
|
From: |
Chris Weiss |
|
Subject: |
Re: [Phpgroupware-users] The anonymous user problem... |
|
Date: |
Thu, 06 Nov 2003 22:48:23 +0000 |
chmod -R 000 /path/to/files/home/anon-user-name
the problem is that during setup we don't know what user you want to be the anon
user, and someone might want the anon-user to upload. So what should be added
to
the docs is that if you /dont/ want anon to upload, chmod the home dir for the
user
so the system will prevent it.
Marco Gaiarin (address@hidden) wrote:
>
>
>We have just dissected the problem that arises when you setup the guest
>user that use sitemgr to run the phpwebhosting application.
>
>A malicious user can use the phpwebhosting application and fill the
>database and filesystem with file.
>Can i:
>
>1) put some quota on user, preventing guest user from fill the FS
>
>2) disable the guest user to upload file at all
>
>3) make some script that delete file.
>
>4) ...
>
>
>so, some sort of quick hack to prevent this?!
>
>
> Proteggiamo l'innovazione in Europa: no ai brevetti software
> http://swpat.xsec.it/
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>