[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] The anonymous user problem...
From: |
Brian Johnson |
Subject: |
Re: [Phpgroupware-users] The anonymous user problem... |
Date: |
Thu, 06 Nov 2003 15:21:50 +0000 |
Quick hack:
use a softlink (ln -s) to forward that user's home dir (the virtual file system
home
dir in phpwebhosting) to a small HD partition used only by that user.
If it gets filled up, it doesn't affect anyone else
Marco Gaiarin (address@hidden) wrote:
>
>
>We have just dissected the problem that arises when you setup the guest
>user that use sitemgr to run the phpwebhosting application.
>
>A malicious user can use the phpwebhosting application and fill the
>database and filesystem with file.
>Can i:
>
>1) put some quota on user, preventing guest user from fill the FS
>
>2) disable the guest user to upload file at all
>
>3) make some script that delete file.
>
>4) ...
>
>
>so, some sort of quick hack to prevent this?!
>
>
> Proteggiamo l'innovazione in Europa: no ai brevetti software
> http://swpat.xsec.it/
>
>
>_______________________________________________
>Phpgroupware-users mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-users
>