Changes

Jump to: navigation, search

Shared webhosting

975 bytes added, 06:27, 23 October 2011
m
Reverted edits by 217.78.23.54 (talk) to last revision by Kir
{{roughstub}}
More posts == The problem == One of the problems with shared web hosting (i.e. different people with each his/her own webpages) is that modern script languages such as PHP, Python, or Perl are too powerful. For example take the following PHP script: <pre><?php function get_content($filename) { $handle = fopen($filename, 'r'); echo fread($handle, filesize($filename)); fclose($handle);} get_content('/home/ppuk34/www/forum/config.inc.php'); ?></pre> With PHP you could use open_basedir to prevent this quality, but there are more ways. For example [http://mgeisler.net/php-shell/ PHP Shell], a script that is [http://mgeisler.net/downloads/phpshell/SECURITY often mis-used] by people with not-so-good intentions. Or think about the [http://www.f-secure.com/v-descs/santy_a.shtml Santy-worm] which mis-used phpBB. Not Again there is a solution in the usual c***form of safe_mode, pelsaebut lots of PHP scripts break if you enable this. For Python, Perl, or CGI-scripts there are no easy ways and you have to use wrappers or other tricks to chroot these.
== The solution ==

Navigation menu