Jump to content


Photo

HTTP Root filesystem not secure


  • Please log in to reply
1 reply to this topic

#1 bky1701

bky1701
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 24 April 2006 - 01:25 AM

Hi, I have a problem (I'm using the newest PHP and Apache), I have a few “sub sites” that other people run on my self-hosted server, but a few weeks ago I found a major security risk: any sub-site (HTTPROOT/sub/[site name]) can use PHP to edit/delete/view any other sub-site or any of the main site (HTTPROOT/ICU and HTTPROOT/FOM are the important ones).

I want to be able to set permissions somewhere to only allow scripts in certain folders to go backwards (ie, I want to let the sub-sites go back from HTTPROOT/sub/[site name]/forum to HTTPROOT/sub/[site name], but not allow them to go any further then their sub-site's root).

I know it can be done with a virtual host... but that is not really what I want, I know there must be a better way.

How can I fix this?

#2 bky1701

bky1701
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 09 May 2006 - 03:03 AM

Any help? I really need this fixed soon.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users