How To Disallow Php.ini Overriding
Jul 11, 2007
if i enabled phpsuexec the client can remove all disable_functions and every thing if he just uploaded php.ini to his public_html folder
i thought about this:
ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini
and it work perfectly but if the user triad to make edit via FTP to the file he will see the file content but can't edit
i triad to chmod to 0 but it will stop PHP
is there any solution to stop the user see the content for the file?
View 9 Replies
Nov 6, 2009
There is a user on my server that uploaded a php.ini file to their home directory, that disabled the "disable_functions" in the server php.ini. Is it possible to stop people from doing this?
View 1 Replies
View Related
Nov 5, 2007
I am configuring a bind reverse DNS zone to use the $GENERATE statement. This works well. But If I add a single IP record after or before the $GENERATE statement I get 2 PTR records for that IP (which is expected I guess).
Does anyone know if it's possible to report only 1 PTR record for a single IP (host) record?
View 1 Replies
View Related
May 25, 2008
this is simple steps to Prevents users from overriding system php.ini in suPHP mode .... in CPanel servers
first : you must make sure that suphp is installed as default handler
than just edit your httpd.conf file or php.conf file ( will be better to use php.conf )
now add this line :
Quote:
suPHP_ConfigPath /usr/local/lib
or ( Zend )
Quote:
suPHP_ConfigPath /usr/local/Zend
if you need to use only php.ini config file :
Quote:
suPHP_Config /usr/local/lib/php.ini
View 0 Replies
View Related
Oct 26, 2005
Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.
What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?
I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.
View 1 Replies
View Related
May 4, 2007
Is there a way to disallow a particular site from sending out emails, while allowing other sites on the same server? My server uses Cpanel.
Also, is there a way to only tar files of a particular type, such as PHP, recursively from a directory?
View 10 Replies
View Related
Nov 4, 2014
We use our own backoffice for remote logins. Passwords for panel login are encrypted. Is it possible to remove the option for customers to change their password for panel login so they will stay in sync with our own backoffice?
If it's not possible, is there a way to decrypt the panel login passwords, like there is for the admin-password (/usr/local/psa/bin/admin --show-password)?
View 1 Replies
View Related
Oct 26, 2014
in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
View 2 Replies
View Related
