[mapserver-users] PHP security advisory

Antti.Roppola at brs.gov.au Antti.Roppola at brs.gov.au
Thu Feb 28 20:36:40 EST 2002

Previous message: [mapserver-users] Sorta Off Topic - Putting PHP code in a CGI script?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a patch for PHP on http://www.php.net that PHP users should investigate.

>From my reading, file upload functions can be used to execute arbitrary code.

If you are installing PHP on an external box, you should be switching off functions
you are not using, things like system and file functions. There's a lot of good
material on the PHP site.

Antti

Previous message: [mapserver-users] Sorta Off Topic - Putting PHP code in a CGI script?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the mapserver-users mailing list