[gollem] FTP directory perms

Chuck Hagenbuch chuck@horde.org
Tue, 5 Mar 2002 13:02:49 -0500

Previous message: [gollem] FTP directory perms
Next message: Gollem with IE 6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Rich West <Rich.West@divatv.com>:

> I have noticed that gollem, and I am guessing this is an artifact of PHP 
> --with-ftp compiled in, allows all users to browse the entire system (if 
> the ftp server is the same as the web server).  I mean, if you change 
> the "dir" variable within the URL, you can get anywhere on the system 
> (kinda scary), and this bypasses the normal FTP 'root-jail' setups for 
> accounts.

No. This is what your FTP server allows.

> Is there a way to configure it to observe the FTP server permissions 
> even if the FTP server resides on the same host as the web server for 
> the Horde system?

There is no way for it _not_ to. It is connecting to your FTP server and 
reading what your FTP server allows it to read.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"A dream which helps you to live your reality with dignity
 and justice is a good dream." - Tariq Ramadan

Previous message: [gollem] FTP directory perms
Next message: Gollem with IE 6
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]