I run a dedicated server with Apache and PHP on CentOS 5. I have many different websites on my server, and I don't want PHP to be able to read/write/access directories outside of the site directory. For example, a client has the site root /www/mysite.com/. I know from experience I can write a simple script to give me a directory listing of /www/ or even another client's site. A few shared servers even let me read other directories' files, allowing me to find passwords.

How do I prevent this, and is it through Apache or PHP?

EDIT: Any ideas how to prevent users from running shell scripts in their own directory, and how could I prevent this same thing with Perl, Ruby on Rails, Ruby, and Python?

Thanks


  • 3 weeks later...

When you set the document root in Apache of where the site is, then it will be able to go through subdirectories of the document root but nothing before that. The only problem I could see is if you allow the PHP script to use the command exec(); then it's like the PHP script is accessing the terminal.
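
An added example, not part of the original thread or either poster's words: a per-site confinement for mod_php using PHP's `open_basedir` directive, written for the /www/mysite.com/ layout from the question. The `ServerName`, the `tmp/` directory, and the Apache 2.2 access-control syntax (the version CentOS 5 ships) are assumptions.

```apache
# Added example (not from the thread). Assumes mod_php under Apache 2.2 and one
# directory per site below /www/. ServerName and tmp/ are hypothetical.

# Weak form: DocumentRoot only decides which URLs map to which files. PHP's
# filesystem functions (opendir, fopen, file_get_contents, ...) can still reach
# anything the Apache user can read, such as /www/ or another client's site.
#<VirtualHost *:80>
#    ServerName mysite.com
#    DocumentRoot /www/mysite.com
#</VirtualHost>

# Confined form: PHP file access is limited to this site's own tree.
<VirtualHost *:80>
    ServerName mysite.com
    DocumentRoot /www/mysite.com

    # php_admin_value cannot be overridden from .htaccess or ini_set().
    # End the path with a slash: older PHP versions treat the value as a
    # string prefix, so "/www/mysite.com" would also match "/www/mysite.com.bak".
    php_admin_value open_basedir "/www/mysite.com/"

    # Keep uploads and session files inside the allowed tree instead of a
    # shared /tmp that every site's scripts can read.
    php_admin_value upload_tmp_dir "/www/mysite.com/tmp"
    php_admin_value session.save_path "/www/mysite.com/tmp"

    # The temp directory sits under DocumentRoot in this layout, so block
    # direct HTTP access to it (Apache 2.2 syntax).
    <Directory "/www/mysite.com/tmp">
        Order allow,deny
        Deny from all
    </Directory>
</VirtualHost>

# open_basedir does not restrict programs started through exec(), system(),
# passthru(), shell_exec(), popen() or proc_open(). Those are switched off
# server-wide with disable_functions, which PHP only accepts in php.ini:
#   disable_functions = exec,system,passthru,shell_exec,popen,proc_open
```

`open_basedir` applies to PHP only; scripts run through Perl, Ruby or Python are not affected by it and depend on file ownership and permissions for separation.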
