CarbonCopy Posted April 14, 2009 Share Posted April 14, 2009 I run a dedicated server with Apache and PHP on CentOS 5. I have many different websites on my server, and I don't want PHP to be able to read/write/access directories outside of the site directory. For example, a client has the site root /www/mysite.com/. I know from experience I can write a simple script to give me a directory listing of /www/ or even another client's site. A few shared servers even let me read other directory's files allowing me to find passwords. How do I prevent this and is it through apache or php? EDIT: Any ideas how to prevent users from running shell scripts in there own directory and how could I prevent this same thing with Perl, Ruby on Rails, Ruby, and Python Thanks Link to comment https://forums.phpfreaks.com/topic/153942-restricting-directories/ Share on other sites More sharing options...
vicodin Posted May 5, 2009 Share Posted May 5, 2009 When you set the document root in apache of where the site is then it will be able to go through sub directories of the document root but nothing before that. The only problem i could see is it you allow the PHP script to use the command exec(); then its like the php script is accessing the terminal. Link to comment https://forums.phpfreaks.com/topic/153942-restricting-directories/#findComment-826376 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.