the_oliver

Grate, will try that then! Looks like it can get a little deap with out it! Many Thanks.

Thanks, Just blind evidently!

I realise that its never possible to do compleatly, i just want to make it harder! I know there a way of doing just though two things to any image, with out having to place anything over the top etc. Thanks!

Hello i want to do that thing where it is not possible to copy an image from my web page by right clicking it, or draging it off. Anyone know how this is done? Thanks!

There are ftp programs which have there access list controled from a flat file? This could be easly writen to using php? (sorry, the thought came to me a little late!) Cant think of one off the top of my head. If i do ill post it!

Spent a while looking into this.... For security it is odviously a bad idea to have your standard web user alter anything 'system critical'. And edditing the /passwd file direct would definatly not be a good idea! I have done it through the use of cron. I have a root cron job (solves the privilages problem) which runs a php script as root. This script looks for value in a database and used it to change the password. This be it does using the shell_exec() function. Importantly for secutity, the part in the database in only a little bit of the comand run inside the shell_exec(). The rest is generic say: this meens that someone gets access to the database, they cannot insert direct comands for the server to run as root. The biggest problem with the method shown above is that the server will ask for the password value twice, which this function cannot cope with. This can be solved by sending an incripted password to the useradd linux comand. This however requires something like a c scrip. Long story short there is know easy way to do this. Hope this helps.. Shout if i have explaind it in to much of a jumble!

Hello, I have been asking in the php Help forum how to upload files in to a postgreSQL database. I suddenly realize that i dont want other people being able to do this to databases on my server! Is there some way i can stop this being possible. Also if is there some way i can stop users being able to see what other databases are hosted on the server? (eg the \l comand?) Lastly does any one have any tips on streem lineing mas database hosting for better security an preformance? Many Thanks.

File location idea is intresting, but i would like also to know how to store them strate. How would i go about this BLOB thing? Thanks

Hi, Was wondering if some one explain how put files into a database, and then, for something like images, use them! Database i am using in postgreSQL. Can they just be inserted into a standard table coloumb and thus search like anything else? Many Thanks!

Hello, Im looking for a way to create PDF's on demand. It would create the pdf from a standard template (A4) taking variables sent to it into account? The idea would be to email it to someone. Anyone able to give me some advice? Thanks

steviewdr: That looks really clever!  Can it be used to run multiple, compleatly indipendant, servers off one peice of hardware?

It should just take the infomation from the local users and passwds. Are you running any nifty encription type things there. Else can you post your conf file?

Not realy! Sorry! I dont know of any free ones, due to the amount of trafic they would get. However whoever you bying your domains from will probaby provide one. Often there used in conjunction with fopen(). Sorry i cant help more with that. Whois is realy the only way to do it acuratly tough. (after though. If your running unix based OS, type whois adomain.com into the prompt. Perhaps you can feed it through this way).

Sounds like a much better idea! especialy as inevitabley not all file types will be secure or not!

Server for all top level domains is a whois server. Hundreds out there.

Im not realy sure what he is saying! if you add - before the address most mail clients will tray to reply to an address with that at the begining. If you leave the mailed-by it will use the server name. Perhaps you can clarify what your trying to do a little more? Are your emails being blocked as they are? Or is this just to tr and insure there not? (not possible!) Or is it just one persions spam filter that does not like it?

Still would not find domains that dont have a DNS record, or even domains without an A-record, or who use somethingelse.html rather than index.html etc...

best way is to stick the server behind some kind of hardware firewall, but expencive.  Cisco PIX is the best ive found, even there lower range, but come with a hefty price! Also usefull to have a second network card, on diffrent subnet, (idealy a non public IP) so you can still get to your server durin a DoS attack.

As far as i know you cannot protect a directory but exclude parts with-in it. You could split your site tree. EG: Have a main folder not protected. In this have a protected folder and a non protected folder. Then just link between the two.

Almost certinatly VSFTP. Fantastic FTP client, likly just to be a problem in the conf file. Might be worth reinstalling it. Apache can only limit access for its own proces.

Best thing to do would be using .htaccess You can insist on that in the .conf file. The folowing is from a Linux httpd.conf but i imagen very similer. (posibly identical!) <Directory "[i]thedocumentroot[/i]"> Options None AllowOverride None Order allow,deny Allow from all AuthName "PageName Access" AuthType Basic AuthUserFile [i]fileparth[/i]/htpasswd.users Require valid-user </Directory> I did a google on '.htaccess on windows' and got loads!

You dont want someone who recives an email, to see the address there replying to?? is this correct? If so the only way i can see of doing this would be to have a pm system on the site, forwording to peoples email, or a horendsly complicated system where all mails are sent to you server, and then forworded based on a unique id number. As to the making it look like its from someone else, just define the address its suposed to be from as a variable in the mail() function.

Some regesterd domains wont have a valied DNS record attached! May just be held, or pointing to a server with no record. The only way to acuratly check domain avalibility is through the use of a 'whois' server. checkdnsr is for domains with a record, not for the porpos your using it for. Hope this helps.

Not sure if this helps, but spam filters work by looking at the address of the SMTP server the emails are sent from, or any relays they pass through. I dont think it is possible to define this, other then by the servers settings. If its not a domain that can be found through a revers lookup, then the ip address will be checked. As to the reply-to part, this field is not realy nessesery. If its not there it will just assume it to be the from address. Hope i havent got the wrong idea! Who told you that you need to set this?

I realise this is a little old, but im also intrested in it!  Did you ever find a solution?