phpgroupware-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-users] The anonymous user problem...


From: Brian Johnson
Subject: Re: [Phpgroupware-users] The anonymous user problem...
Date: Thu, 06 Nov 2003 15:21:50 +0000

Quick hack:

use a softlink (ln -s) to forward that user's home dir (the virtual file system 
home
dir in phpwebhosting) to a small HD partition used only by that user.

If it gets filled up, it doesn't affect anyone else



Marco Gaiarin (address@hidden) wrote:
>
>
>We have just dissected the problem that arises when you setup the guest
>user that use sitemgr to run the phpwebhosting application.
>
>A malicious user can use the phpwebhosting application and fill the
>database and filesystem with file.
>Can i:
>
>1) put some quota on user, preventing guest user from fill the FS
>
>2) disable the guest user to upload file at all
>
>3) make some script that delete file.
>
>4) ...
>
>
>so, some sort of quick hack to prevent this?!
>
>
>        Proteggiamo l'innovazione in Europa: no ai brevetti software
>                          http://swpat.xsec.it/
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>





reply via email to

[Prev in Thread] Current Thread [Next in Thread]