[plug] Web Application Installer

James Devenish devenish at guild.uwa.edu.au
Sat Jan 29 17:07:08 WST 2005


In message <1106883461.22436.55.camel at latte.internal.itmaze.com.au>
on Fri, Jan 28, 2005 at 02:37:41PM +1100, Onno Benschop wrote:
> A PHP script runs as either the owner of the web-directory or the
> owner of the web-server process,...generally the latter implementation
> is more common...Am I fundamentally trying to make something work that
> should never work,

As Carl says, it shouldn't work. If it *did* work, and your client could
install the programme, then any other client of that webserver could
also install the programme into your client's webspace! Additionally, if
the application is configured using flat files (and those files are
owned by the web server) then any other user could modify your client's
site. Perhaps what you want is for the user to upload the installer as a
setuid CGI script :-P Note that the installer should delete itself once
installation is complete.
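
The shared-ownership problem described in the reply above, as an added example that is not part of the original message: a Python audit of a client's web directory that flags entries owned by the web-server account, world-writable entries, setuid/setgid files and leftover installer scripts. The installer filename patterns and the function names are assumptions made for this illustration.

```python
import os
import stat
from fnmatch import fnmatch

# Assumption: filename patterns that suggest a leftover installer; adjust per application.
INSTALLER_PATTERNS = ("install*", "setup*")

def classify(name, st_uid, st_mode, web_uid):
    """Return the list of findings for one file or directory."""
    findings = []
    if st_uid == web_uid:
        # Anything the server account owns can be rewritten by any other
        # client's script that runs as that same account.
        findings.append("owned-by-web-server")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    is_file = stat.S_ISREG(st_mode)
    if is_file and st_mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid-or-setgid")
    if is_file and any(fnmatch(name.lower(), p) for p in INSTALLER_PATTERNS):
        findings.append("leftover-installer")
    return findings

def audit_tree(root, web_uid):
    """Walk root without following symlinks; return {relative path: findings}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            found = classify(name, st.st_uid, st.st_mode, web_uid)
            if found:
                report[os.path.relpath(full, root)] = found
    return report

if __name__ == "__main__":
    import pwd
    import sys
    # Usage: script.py <docroot> <web-server account name>
    root, user = sys.argv[1], sys.argv[2]
    web_uid = pwd.getpwnam(user).pw_uid
    for path, found in sorted(audit_tree(root, web_uid).items()):
        print(f"{path}: {', '.join(found)}")
```

Group-writable files are not checked here; where the web-server account shares a group with the files, that bit needs the same scrutiny.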




