I use php4 in apache as a module. It seams that I can only setup php with php.ini.
I want to use the open_basedir option to limit php to a web site files. But my apache use virtual host. It means that depending on the host (fun.test.org or www.test.org) I start in /home/httpd/fun or /home/httpd/www as the html root. When I am connected to fun.erasme.org, I want open_basedir to be equal to /home/httpd/fun and when I use www.erasme.org, I want open_basedir to be equal to /home/httpd/www. I want this to protect a web site (with an administrator) against another web site (with another administrator). Like I can't use .htaccess for open_basedir neither httpd.conf I have no way to change this value depending on the web site. I try in php.ini : open_basedir = $DOCUMENT_ROOT; Because DOCUMENT_ROOT is an environment variable which contains /home/httpd/www or /home/httpd/fun. But it doesn't work. php.ini is not dynamically evaluated (I think). Is there is solution for this security problem ? Daniel Lacroix -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
