[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] Re: PHP and Plusnet
Ashe
> I found out something interesting about the cgi webs pace servers that Plusnet
> uses to allow its customers to have php access. It seems that the way it's
> configured means that all users on the system are in the same group, the
> upshot of this is that its perfectly possible to go into another users
> webs pace, and grab any sql server password/other interesting hidden goodies.
> Now, maybe I'm naive, and they quite possibly have good reasons to set it up
> the way it is, but I think thats a dreadful bit of system configuration.
It's fairly average for Plusnet :) I used to work for them :) Or, I
might say, tell me about it.
--
Richard
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.