Hello ,
I am an hosting provider . Your file manager works great , so i am considering to buy a license .
However I noticed a security problem . The "command" function provide the client
an ssh/telnet session via web .
For example every client could use cat /etc/passwd and then could browse each user
executing ls /home/user/public_html and so on cacthing code and clean passwords .
Is there any way to restrict the usage of command in the /home/user directory ?
(I am not a perl expert . On php there is the "php safe mode" that restrict the usage of "command" on a shared enviroments . Is there anything similar to php_safe_mode on perl ?)
Thanks a lot
Graziano
I am an hosting provider . Your file manager works great , so i am considering to buy a license .
However I noticed a security problem . The "command" function provide the client
an ssh/telnet session via web .
For example every client could use cat /etc/passwd and then could browse each user
executing ls /home/user/public_html and so on cacthing code and clean passwords .
Is there any way to restrict the usage of command in the /home/user directory ?
(I am not a perl expert . On php there is the "php safe mode" that restrict the usage of "command" on a shared enviroments . Is there anything similar to php_safe_mode on perl ?)
Thanks a lot
Graziano