PHP Security, Part 1
Subject:   no PHP security on shared web servers
Date:   2003-08-22 06:57:48
From:   anonymous2
Response to: no PHP security on shared web servers

The Web hosting company could add an open_basedir directive in the config file for each client's "root" (top-level or virtual host) folder:

Client ABC gets the directive:
open_basedir = '<somepath>/clientABC/'

Client XYZ gets the directive:
open_basedir = '<somepath>/clientXYZ/'

The default directive for PHP is:
open_basedir = '.'
(If not explicitly set for a folder, PHP scripts can only fopen/include from the current folder)

This seems to make it substantially more difficult for PHP code in /clientABC/ to get to code in /clientXYZ/ - although I won't say it is impossible...

1 to 1 of 1
1 to 1 of 1