Windows and PHP

He has: 296 posts

Joined: May 2002

I'm writing a script to rename files; it's a batch renaming script, since I usually rename large amounts of files. With this script I found a rather curious flaw or something. I'm not sure if this holds true for every platform or not, but I found this in Windows.

My dad protected a directory from everyone but himself when he's logged on. In Explorer I can't open the folder no matter how I try. With this script, which is INCREDIBLY simple right now, I can open it no problem. I can most likely read the files and get what may be private data. I don't know if this has been talked about before, I'm sure it has, but I thought I'd bring it up.

[James Logsdon]

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

Thank you, Billy G.

druagord's picture

He has: 335 posts

Joined: May 2003

This is probably because on Windows PHP runs as the webserver user IUSR_machinename, which gets more rights than your user.

They have: 461 posts

Joined: Jul 2003

another diff between windows and operating systems done right:

user privileges

you just exploited a problem with windows user privileges. what os? if you use a wnt (vms anyone?) base i'll be more surprised than 95/98/me

POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.

druagord's picture

He has: 335 posts

Joined: May 2003

It can't be one of those 95/98/me since they don't support any kind of user privilege

He has: 296 posts

Joined: May 2002

It's Windows 2000 (NT based).

They have: 461 posts

Joined: Jul 2003

95/98/me supports multiple users. i thought it merely locked the naming/editing to the creator unless otherwise told to.

the guy that made vms was contracted to help out in wnt. that's why it was given wnt before they came up with the words for the acronym. i figured it'd be better because of that.

apparently it's better with user privileges but doesn't quite do that right. i know on *nix if it's called from your user it's you, but from the webserver (go to it through a browser) it operates as the webserver (and subsequently, would theoretically be possible to have the same effect if you're not careful... i haven't tested it so i don't know for sure)

POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
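The thread's point is that a PHP script gets the file permissions of whatever account the PHP process runs as, not those of the person browsing to it. The following is an added example, not code from any poster: it reports the process account and tests which directories that account can list, so an administrator can audit what a web-served script could reach. The directory paths are placeholders, and the `USERNAME` lookup on Windows is an assumption that may not hold under every service account.

```php
<?php
// Added example (not from the thread): show which account PHP runs as
// and whether that account can list a set of directories.

function process_account(): string
{
    if (PHP_OS_FAMILY === 'Windows') {
        // Assumption: USERNAME reflects the process account; it can be
        // unset for some service accounts, so fall back to 'unknown'.
        $name = getenv('USERNAME');
        return ($name !== false && $name !== '') ? $name : 'unknown';
    }
    if (function_exists('posix_geteuid')) {
        // Effective uid is what the kernel checks file access against.
        $info = posix_getpwuid(posix_geteuid());
        return $info !== false ? $info['name'] : (string) posix_geteuid();
    }
    return 'unknown';
}

function can_list(string $dir): bool
{
    // Attempt the real operation instead of trusting is_readable():
    // the OS decides based on the process token (Windows) or uid (POSIX).
    $entries = @scandir($dir);
    return $entries !== false;
}

// Placeholder paths: replace with the directories you expect to be private.
$dirs = [
    __DIR__,
    '/path/to/protected-directory',
];

printf("SAPI: %s\nProcess account: %s\n\n", PHP_SAPI, process_account());
foreach ($dirs as $dir) {
    printf("%-45s %s\n", $dir, can_list($dir) ? 'LISTABLE' : 'denied');
}
```

Run it once from the command line and once through the web server: a directory that shows `denied` under your own login but `LISTABLE` through the server is protected only against interactive users, and its ACL needs an explicit deny or missing grant for the web server account.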
