CarbonCopy Posted April 14, 2009

I run a dedicated server with Apache and PHP on CentOS 5. I have many different websites on my server, and I don't want PHP to be able to read/write/access directories outside of the site directory. For example, a client has the site root /www/mysite.com/. I know from experience I can write a simple script to give me a directory listing of /www/ or even another client's site. A few shared servers even let me read other directories' files, allowing me to find passwords. How do I prevent this, and is it through Apache or PHP?

EDIT: Any ideas how to prevent users from running shell scripts in their own directory, and how could I prevent this same thing with Perl, Ruby on Rails, Ruby, and Python?

Thanks
vicodin Posted May 5, 2009

When you set the document root in Apache to where the site is, it will be able to go through subdirectories of the document root but nothing before that. The only problem I could see is if you allow the PHP script to use the command exec(); then it's like the PHP script is accessing the terminal.
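
An added example, not code from either poster: PHP's file functions are limited by PHP's own `open_basedir` directive rather than by Apache's `DocumentRoot`, so this script audits each virtual host for an `open_basedir` that is missing or wide enough to cover other clients' sites. It assumes mod_php (where `php_admin_value` sets the directive per virtual host) and Unix `:`-separated paths; `/www/mysite.com` comes from the question, while the other site names, the `/tmp` path and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample httpd.conf fragment; only /www/mysite.com is from the thread.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName mysite.com
    DocumentRoot /www/mysite.com
    php_admin_value open_basedir "/www/mysite.com/:/tmp/mysite.com/"
</VirtualHost>
<VirtualHost *:80>
    ServerName other.example
    DocumentRoot /www/other.example
    php_admin_value open_basedir "/www/"
</VirtualHost>
<VirtualHost *:80>
    ServerName third.example
    DocumentRoot /www/third.example
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the unquoted argument of the first `name` line, or None."""
    m = re.search(r"^[ \t]*" + name + r"[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return m.group(1).strip("\"'") if m else None

def is_ancestor(path, docroot):
    """True if docroot lies strictly below path, so path spans sibling sites."""
    path, docroot = posixpath.normpath(path), posixpath.normpath(docroot)
    return path != docroot and (path == "/" or docroot.startswith(path + "/"))

def audit_vhosts(conf):
    """Map each ServerName to 'ok', 'missing' or 'too-broad'."""
    results = {}
    for body in VHOST_RE.findall(conf):
        docroot = directive(body, "DocumentRoot")
        basedir = directive(body, r"php_admin_value[ \t]+open_basedir")
        if basedir is None:
            verdict = "missing"      # PHP file functions can reach any path
        elif any(is_ancestor(p, docroot) for p in basedir.split(":") if p):
            verdict = "too-broad"    # an allowed path also covers other sites
        else:
            verdict = "ok"
        results[directive(body, "ServerName")] = verdict
    return results

if __name__ == "__main__":
    for site, verdict in audit_vhosts(SAMPLE_CONF).items():
        print(f"{site}: {verdict}")
```

`open_basedir` does not confine commands started through `exec()` and similar functions; those are switched off with the `disable_functions` directive, which PHP reads only from php.ini.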