[mapserver-users] PHP security advisory

Antti.Roppola at brs.gov.au Antti.Roppola at brs.gov.au
Thu Feb 28 17:36:40 PST 2002

Previous message (by thread): [mapserver-users] Sorta Off Topic - Putting PHP code in a CGI script?
Next message (by thread): [mapserver-users] mapserver on MacOS X with gdal and proj... YES!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a patch for PHP on http://www.php.net that PHP users should investigate.

>From my reading, file upload functions can be used to execute arbitrary code.

If you are installing PHP on an external box, you should be switching off functions
you are not using, things like system and file functions. There's a lot of good
material on the PHP site.

Antti

Previous message (by thread): [mapserver-users] Sorta Off Topic - Putting PHP code in a CGI script?
Next message (by thread): [mapserver-users] mapserver on MacOS X with gdal and proj... YES!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the MapServer-users mailing list