Security Issue

redeye

Verified User
Joined
May 11, 2004
Messages
150
How can I avoid the users to read eachothers files, using php.

What I mean is this: when I have an webhostaccount on an server, I can make an php-script and can read everyone's files that they host in their home-dir. Including for instance an db.php file. Agree I have to know the exact position, but..

- openbase-dir is allready used, but i can't go further then /home

- disable php-functions as far as possible, but I can't disable all, because some common scripts like phpBB2 use those functions

Safemode is the last resort, so any other option is welcome, very welcome.
 
Back
Top