  1. #1


    Hello,

    one of our customers has asked me to activate "function.opendir".

    Would you please let me know if there is any security issue or risk?

  2. #2
    opendir() attempts to create a directory resource handle (within PHP) and reports on success or failure to do so. A local attacker could use this to determine whether one of the following is true:
    (a) the given directory exists
    (b) the given directory does not exist or the accessing user lacks sufficient permissions to determine whether or not this directory exists at the given location.

    You can restrict the directories the user can access using the open_basedir setting in php.ini. If you do this correctly, so that the local user can only access the directories she should be able to access (and thus can use opendir() to attempt to define those as resource handles, and check for their existence), I do not consider this function to have any security implications.

    As such, it is unusual if not unlikely that you would restrict use of this function on a default PHP installation at all. Maybe your customer is actually referring to the open_basedir restriction?
    Last edited by mnaumann; 08-26-2009 at 12:43 PM.
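
The behaviour described in the answer above, as an added example that is not part of the thread: a PHP CLI script that probes three directories with opendir() before and after tightening open_basedir, showing that once the restriction is in place, paths outside the allowed tree return false whether or not they exist. The script's own directory standing in for the customer's tree, its parent standing in for someone else's directory, and the random "missing" name are assumptions; the script first checks disable_functions, the php.ini directive that would block opendir() outright.

```php
<?php
// Added example, not code from the thread. Run with the PHP CLI.
// Assumptions: the script's own directory stands in for the customer's tree,
// its parent for a directory that belongs to someone else.

$listed = array_map('trim', explode(',', (string) ini_get('disable_functions')));
if (in_array('opendir', $listed, true)) {
    exit("opendir is listed in disable_functions; nothing to probe\n");
}

$allowed = realpath(__DIR__);
$outside = dirname($allowed);
$missing = $outside . DIRECTORY_SEPARATOR . 'no-such-dir-' . bin2hex(random_bytes(4));

// What a script learns from opendir(): a handle, or false.
function probe(string $dir): string
{
    $handle = @opendir($dir);   // @ hides the warning; the return value is the signal
    if ($handle === false) {
        return 'refused';
    }
    closedir($handle);
    return 'opened';
}

function report(string $label, array $dirs): void
{
    echo $label, "\n";
    foreach ($dirs as $name => $dir) {
        printf("  %-8s %-8s %s\n", $name, probe($dir), $dir);
    }
}

$dirs = ['allowed' => $allowed, 'outside' => $outside, 'missing' => $missing];

report('open_basedir = ' . (ini_get('open_basedir') ?: '(unset)'), $dirs);

// open_basedir can be tightened at run time; in production set it in php.ini
// or per virtual host. The trailing separator keeps out sibling names that
// merely share the prefix.
if (ini_set('open_basedir', $allowed . DIRECTORY_SEPARATOR) === false) {
    exit("could not set open_basedir\n");
}
report('open_basedir = ' . ini_get('open_basedir'), $dirs);
```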
