[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-db
Subject:    [PHP-DB] php-sqlite3 and safemode
From:       "isaac vidal" <isvida () gmail ! com>
Date:       2007-08-28 18:55:37
Message-ID: f7a0580b0708281155j73227f07h909bd23749b74d85 () mail ! gmail ! com
[Download RAW message or body]


Hello,
I have installed sqlite3 to give database support in a web server with PHP
v4 and safemode activated.
The php-sqlite3 module has been installed in order to use sqlite3 with PHP.
It works fine, but there is
a problem with the safemode directive. Any user of the server can access to
the file database of
another user and modify it, for example, if a user called user1 creates the
file database in the
directory /home/user1/public_html, and another user, called user2, upload a
php page to his directory
(/home/user2/public_html) that points to the file database located in the
directory of user1
(/home/user1/public_html), this php page owned by user2 can access to the
file database whose
owner is user1 and modify it, something that is not allowed by the safemode
directive.

First, I thought that safemode did not work,  but, it does, because the file
database of user1 cannot be
read using the PHP function "readfile()" by a php file that owns to user2,
giving the message that safemode
is activated and user2 cannot access to the file owned by user1.

Why does PHP safemode directive not work  with  php-sqlite3 module?. Any
idea?

Thanks in advance,
Isaac.


[prev in list] [next in list] [prev in thread] [next in thread]