ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
  PHP Security, Part 1
Subject:   no PHP security on shared web servers
Date:   2003-08-22 06:57:48
From:   anonymous2
Response to: no PHP security on shared web servers

The Web hosting company could add an open_basedir directive in the config file for each client's "root" (top-level or virtual host) folder:

Client ABC gets the directive:
open_basedir = '<somepath>/clientABC/'

Client XYZ gets the directive:
open_basedir = '<somepath>/clientXYZ/'

The default directive for PHP is:
open_basedir = '.'
(If not explicitly set for a folder, PHP scripts can only fopen/include from the current folder)

This seems to make it substantially more difficult for PHP code in /clientABC/ to get to code in /clientXYZ/ - although I won't say it is impossible...

1 to 1 of 1
  1. no PHP security on shared web servers
    2003-09-02 12:37:56  anonymous2 [View]

1 to 1 of 1