redeye
02-04-2005, 01:07 PM
How can I avoid the users to read eachothers files, using php.
What I mean is this: when I have an webhostaccount on an server, I can make an php-script and can read everyone's files that they host in their home-dir. Including for instance an db.php file. Agree I have to know the exact position, but..
- openbase-dir is allready used, but i can't go further then /home
- disable php-functions as far as possible, but I can't disable all, because some common scripts like phpBB2 use those functions
Safemode is the last resort, so any other option is welcome, very welcome.
What I mean is this: when I have an webhostaccount on an server, I can make an php-script and can read everyone's files that they host in their home-dir. Including for instance an db.php file. Agree I have to know the exact position, but..
- openbase-dir is allready used, but i can't go further then /home
- disable php-functions as far as possible, but I can't disable all, because some common scripts like phpBB2 use those functions
Safemode is the last resort, so any other option is welcome, very welcome.