Viewing PHP source -- security, preventing hacking

**Twey** · 09-16-2007, 07:46 AM

It's possible to have the scripts owned by different users, with permissions set up so that the one can't read the other or write to a webserver directory with incorrect permissions. Something like:

Code:

drwx------    apache apache    www/
  drwx------    apache apache    main/
  drwxr-x--- otheruser apache modules/

You then just have to work out a way to stop Apache reading PHP files owned by apache in the modules directory... As djr33 said, even with this allowing untrusted users PHP access opens up too many potential holes to really be a feasible option.

**djr33** · 09-16-2007, 10:24 AM

rm_dir('../');

**Twey** · 09-16-2007, 11:04 AM

Sorry, I assumed that would be default: modified listing.

Thread: Viewing PHP source -- security, preventing hacking

Thread Tools

Search Thread

Bookmarks

Bookmarks

Posting Permissions