bky1701 Posted April 24, 2006 Share Posted April 24, 2006 Hi, I have a problem (I'm using the newest PHP and Apache), I have a few “sub sites” that other people run on my self-hosted server, but a few weeks ago I found a major security risk: any sub-site (HTTPROOT/sub/[site name]) can use PHP to edit/delete/view any other sub-site or any of the main site (HTTPROOT/ICU and HTTPROOT/FOM are the important ones).I want to be able to set permissions somewhere to only allow scripts in certain folders to go backwards (ie, I want to let the sub-sites go back from HTTPROOT/sub/[site name]/forum to HTTPROOT/sub/[site name], but not allow them to go any further then their sub-site's root).I know it can be done with a virtual host... but that is not really what I want, I know there must be a better way.How can I fix this? Quote Link to comment https://forums.phpfreaks.com/topic/8216-http-root-filesystem-not-secure/ Share on other sites More sharing options...
bky1701 Posted May 9, 2006 Author Share Posted May 9, 2006 Any help? I really need this fixed soon. Quote Link to comment https://forums.phpfreaks.com/topic/8216-http-root-filesystem-not-secure/#findComment-34504 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.