homepage Welcome to WebmasterWorld Guest from 54.161.214.221
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
.htaccess and restricting fopen to current directory
mwylde




msg:3240481
 10:01 am on Feb 2, 2007 (gmt 0)

Hey there. I want to start a small host just for some members of a website I have but have ran into a problem.

If the member was to make a PHP file to fopen (../../otheruser/files) they could get into other peoples hosting areas.

I am on a reseller hosting plan with cPanel/WHM and have access to .htaccess. I would like to know if it is possible to keep all scripts in a certain folder to that folder/subfolders and not be able to break out of it and access others areas.

Thanks for the help
Mark

 

sabai




msg:3241378
 12:30 am on Feb 3, 2007 (gmt 0)

You want to do something like this:


php_admin_value open_basedir /var/www/dir
php_admin_flag safe_mode on

But you can't do this in php.ini, I believe ;-) Otherwise people could just override it.

You must do it in the part of your apache config files relating to the virtual host. May not be possible if you are on a reseller account. However, you can ask your host to do it and if they have any sense they will do it for you.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved