'RE: [PHP] Symbolic link fails when User Authentication comes in'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    RE: [PHP] Symbolic link fails when User Authentication comes in
From:       "david klein" <davidklein101 () hotmail ! com>
Date:       2001-01-31 20:04:14
[Download RAW message or body]

Johnny,

    It works, but how could this create a security hole? Could you please 
expalin a little bit more?

Thanks,
David


>From: "johnny p." <johnny@gameloop.com>
>To: "david klein" <davidklein101@hotmail.com>, <php-general@lists.php.net>
>Subject: RE: [PHP] Symbolic link fails when User Authentication comes in
>Date: Wed, 31 Jan 2001 13:54:22 -0600
>
>Add the FollowSymLinks to your httpd.conf file for that directory.  I
>don't recommend doing this, tho, since it *is* a security hole.
>
>    <Directory /apps/apache/docs/test1>
>    Options Indexes FollowSymLinks
>    </Directory>
>
>johnny p.
>
> > -----Original Message-----
> > From: david klein [mailto:davidklein101@hotmail.com]
> > Sent: Wednesday, January 31, 2001 1:43 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] Symbolic link fails when User Authentication comes in
> >
> >
> > I am using Apache user authentication, and it works fine.
> > However, if there
> > is a symbolic link inside a securied directory, the symbolic
> > linked file
> > will deny any access.
> >
> > For example, directory "/apps/apache/docs/test1" is a
> > securied directory,
> > and there is a symbolic linked file "file1.txt", after you
> > logged into
> > directory "/apps/apache/docs/test1" and try to access
> > "file1.txt", you will
> > be denied for the access?
> >
> > Does anyone have any idea?
> >
> > Thanks,
> > David
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: php-general-unsubscribe@lists.php.net
> > For additional commands, e-mail: php-general-help@lists.php.net
> > To contact the list administrators, e-mail:
> > php-list-admin@lists.php.net
> >
> >
>
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: php-general-unsubscribe@lists.php.net
>For additional commands, e-mail: php-general-help@lists.php.net
>To contact the list administrators, e-mail: php-list-admin@lists.php.net
>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe@lists.php.net
For additional commands, e-mail: php-general-help@lists.php.net
To contact the list administrators, e-mail: php-list-admin@lists.php.net

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic