Hi folks. I recently set up hosting for my site and have noticed something which is making me nervous.
I can't seem to include files outside of my webroot, so I wrote a script to test permissions using passthru to output the results of a bunch of ls -la commands to see what I did and did not have access to. Eventually I was able to read the directory which holds the root folders for all sites on the server, and from there I was able to read files (revealing the php source) from the webroot of another site. This to me is a huge security issue since if anyone has any sensitive information there, it could easily be accessed by anyone else hosting on the same server. And because I can't seem to include files from outside my webroot, if I stay with this company I'll be forced to include information such as database passwords inside my webroot, therefore exposing the information to every other user on the server, and that's just not acceptable. All of my experience until now has been in situations where the sites I've worked on have been hosted on dedicated servers, so this has never been a problem. Is this a common set up for shared hosting? Is there any way around this? Cheers and TIA. Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
