Web Servers on Unix and Linux - Re: .htaccess prevents itself from being viewed but not "sess*" files in dir

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Unix and Linux > December 2006 > Re: .htaccess prevents itself from being viewed but not "sess*" files in dir





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: .htaccess prevents itself from being viewed but not "sess*" files in dir
phillip.s.powell@gmail.com

2006-12-06, 7:20 pm


Concreteman wrote:
> phillip.s.powell@gmail.com wrote:
>
> /tmp should work even in your environement and should work in about 95%
> linux flavored hosting. If it doesn't you might consider moving. You
> might also run phpinfo.php and make sure your temp is at /tmp. Session
> files are dangerous to have lying around anywhere, it is a major
> security breach.

Would you believe we're in the 5%? It's a "chroot jail", no access of
any kind is allowed outside of your chroot, not even to /tmp!

I agree about leaving session files lying around, but sadly I have no
choice unless the company decides to go with my suggestion on a
dedicated host instead of a shared host, until then I'm expected to
come up with a solution that is secure and functionable within the
shared host settings given to us

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com