Re: [Phpgroupware-users] The anonymous user problem...
From: Brian Johnson
Subject: Re: [Phpgroupware-users] The anonymous user problem...
Date: Thu, 06 Nov 2003 15:24:35 +0000

Just another thought.

I assume you want the guest user to have access to phpwebhosting to allow them to download files.

Maybe just post a link to them on one of the sitemgr pages and do not give access to the phpwebhosting app to the guest user at all, or just give access to the app when you are expecting a file and turn it off again after the file is received.

For that matter, if it is for a specific person, just give them a regular account.

Marco Gaiarin (address@hidden) wrote:
>
>
>We have just dissected the problem that arises when you set up the guest
>user that uses sitemgr to run the phpwebhosting application.
>
>A malicious user can use the phpwebhosting application and fill the
>database and filesystem with files.
>Can I:
>
>1) put some quota on the user, preventing the guest user from filling the FS
>
>2) disable the guest user from uploading files at all
>
>3) make some script that deletes files.
>
>4) ...
>
>
>so, some sort of quick hack to prevent this?!
>
>
> Let's protect innovation in Europe: no to software patents
> http://swpat.xsec.it/