PHP Include Security

         

cremesoda201

7:32 pm on Dec 7, 2006 (gmt 0)




When working on something today, I noticed that any user working with PHP can include any file, regardless of what account it's under. Is this a security risk? If so, how can I fix it?

Example: Two accounts: account1, account2

account1 has a PHP script at:
/home/account1/public_html/script.php

that is able to include a file such as
include("/home/account2/public_html/random.php");
with success.

Might be a dumb question, but I haven't found any answers yet.

Thanks for any help.

barns101

4:32 am on Dec 8, 2006 (gmt 0)




open_basedir: Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

[php.net...]
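
The effect of the open_basedir directive quoted above on the two-account case from the question, as an added example that is not part of the original thread. The directory layout is constructed under the system temp directory, and the restriction is applied with ini_set() only so that the script is self-contained.

```php
<?php
// Added example. Directory names are constructed stand-ins for
// /home/account1 and /home/account2 from the question.
$root = sys_get_temp_dir() . '/open_basedir_demo_' . getmypid();
mkdir("$root/account1/public_html", 0700, true);
mkdir("$root/account2/public_html", 0700, true);
$root  = realpath($root);   // resolve symlinks so paths match what PHP checks
$own   = "$root/account1/public_html/local.php";
$other = "$root/account2/public_html/random.php";
file_put_contents($own,   "<?php return 'account1 file';");
file_put_contents($other, "<?php return 'account2 file';");

// Attempt an include and report whether PHP allowed it.
// include returns false (and raises a warning, suppressed here) on failure.
function try_include(string $path): string
{
    $result = @include $path;
    return $result === false ? 'blocked' : "allowed, returned '$result'";
}

function report(string $label, string $own, string $other): void
{
    echo "$label\n";
    echo "  account1 file: ", try_include($own), "\n";
    echo "  account2 file: ", try_include($other), "\n";
}

report('open_basedir unset:', $own, $other);

// Restrict this request to account1's tree. The trailing slash makes the
// value a directory, so a sibling such as "account1-old" would not match
// on PHP versions that treat the value as a prefix.
if (ini_set('open_basedir', "$root/account1/") === false) {
    exit("could not set open_basedir (already set more strictly?)\n");
}

report('open_basedir = account1 tree:', $own, $other);

// The restriction covers other file functions too, not only include.
echo "  fopen on account2 file: ",
    @fopen($other, 'r') === false ? 'blocked' : 'allowed', "\n";

// The demo directory under the system temp dir is left in place, because
// the account2 half can no longer be removed from inside this request.
```

On a shared host the value is set per account by the administrator rather than by the script, for example with `php_admin_value open_basedir` in each Apache virtual host under mod_php, so that account scripts cannot loosen it.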