phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-users] The anonymous user problem...


From: Brian Johnson
Subject: Re: [Phpgroupware-users] The anonymous user problem...
Date: Thu, 06 Nov 2003 15:24:35 +0000

Just another thought.

I assume you want the guest user to have access to phpwebhosting to allow them 
to
download files.

Maybe just post a link to them on one of the sitemgr pages and do not give 
access to
the phpwebhosting app to the guest user at all

or just give access to the app when you are expecting a file and turn it off 
again
after the file is received

For that matter, if it is for a specific person, just give them a regular 
account



Marco Gaiarin (address@hidden) wrote:
>
>
>We have just dissected the problem that arises when you setup the guest
>user that use sitemgr to run the phpwebhosting application.
>
>A malicious user can use the phpwebhosting application and fill the
>database and filesystem with file.
>Can i:
>
>1) put some quota on user, preventing guest user from fill the FS
>
>2) disable the guest user to upload file at all
>
>3) make some script that delete file.
>
>4) ...
>
>
>so, some sort of quick hack to prevent this?!
>
>
>        Proteggiamo l'innovazione in Europa: no ai brevetti software
>                          http://swpat.xsec.it/
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>





reply via email to

[Prev in Thread] Current Thread [Next in Thread]