security - Does read-only file system access guarantee a write access? -

-

I am developing a web application and I wonder if someone is only readable to my file system, is it The person (assuming that everything is necessary) has a write access to the system? For example, if you have a PHP script that outputs any file content on the server - should anyone be able to access the actually system write? Like ... can he rewrite PHP scripts?

I'm talking about web server ... so both Windows & amp; Linux related comments are welcome In addition, in such cases where most of the cracker can have a write facility for most files, but not for everyone on the system?

I'm just curious to summarize: "Is there a vulnerability in a PHP local file, is that any time the cracker is allowed to write files?"

A malicious user can download and crack your password file, or maybe the MySQL user table Can read and receive the password for my MySQL root user. Then use that user to take advantage of privilege enhancement and to do something similar.

The option for MySQL for Registry (or SAM) and MSSQL passwords and similar logic functions on Windows. No, it will not be very easy, but yes, they will succeed.

Do not let anyone (read) access your system completely

Express me differently. If I have a PHP application running and someone can read my PHP files through unsafe PHP scripts and have only read DB access, then will it be able to crack my whole server?

Maybe. In that case the possibility of being able to hack your server is non-zero, so you can not allow such a security hole. They may not be able to rewrite your PHP scripts, but only the readable DB user can use it in the database server for example.


Comments

Post a Comment

Popular posts from this blog

c++ - Linux and clipboard -

-
After selecting the copies of the buffer in Linux, after the text, we can click and paste the button between the mouse. I think there is a special buffer for this, I want to use it. Programming Language: C ++ Your Library: Qt Thanks. There is just one more correct answer than Paul Dixon, which answers your needs: / P > QClipboard * clipboard = QApplication :: clipboard (); CastString Selected Text = Clipboard-> Text (QClipboard :: Selection);
Read more

What is expire header and how to achive them in ASP.NET and PHP? -

-
I have examined the performance statistics of my website today. I have received a warning (or error may occur) that is given below Add Terminal Headers Here are 15 static components without a 15-futures end date * (no end) Http://www.example.com/video/css/global.css * (no time limit) http://www.example.com/video/js/global.js * (no expiration ) Http: //www.example.com/video/images/main-bg.png what it means and how to achieve it both in PHP and ASP.Net. I am on a shared hosting server, so please tell me some ways to use the code, because I can not make any modifications at the end of the server. If I expire the header, then there is no chance that if I make changes to the CSS, then the user will not be able to remove them immediately because CSS and other files have a fixed time limit (1 month, week ) Are cached for. Is Is there any harm to using PHP? $ time = time () + 3 * 24 * 60 * 60; // 3 day headings ('End:'. GMDAT ('D, D MYH: i: s \ g \ m \ t',
Read more

sql server - How can I determine which of my SQL 2005 statistics are unused? -

-
After a few years, one of my biggest databases has deposited 73 figures out of its largest tables. With Indexes, I can run many types of reports and queries, how often / heavily specific indexes are used. What is an equivalent for data? We are running SQL 2005. To make statistics automatically managed and honest, I would like to "update statistics", "create statistics" and There is no information about any management except "drop statistics" orders. In theory, UPDATE should handle the addition and removal of statistical data. In addition, I've never heard about the amount of storage or storage taking in large amounts, so I'm not sure whether there is any reason for the alarm or not. If you are seeing a potential problem, then I would suggest running an update before, if it does not clean it, it is leaving and then it appears to be safe operation (because it is the only query optimizer Is for). I will not leave "left" in the
Read more