how to secure the upload
Hi,
I drive my web server with apache/php, and permit to the users who have a count to upload , the users are declared nologin.
Unfortunatly then can upload a php program for example , and run it, and can see every thing in my disk. because the php application is running by apache.
How to deny the execution of the php program, is there something in apache config ? , the problem is that toexecute a php program you only need read permission, and if you remove the read permission nobody can download the file.
Ok , there is a possibility , change the extension or add another one like for exemple txt. May be better solution exists.
thanks for help
bela
|