Hello PHPers,

I am quite ignorant about file system security. I was hoping you all could help me understand things.

How does one restrict php script from going (reading, writing) files in the file system? As I see it, a php programmer could change the include_path, with ini_set(), use "../" etc..., and browse all the files on the server to which the php engine has access. This would clearly not be acceptable to a web host company, so how do most hosts restrict this kind of behaviour?

Now, suppose i only have php access to my 'files' as defined by my host somehow. (again, my first part of the question is how do they do this?). Is it possible for me to further restrict this file accessibility for different sub-folders? Let me provide an example folder hierarchy and user scenario. Suppose there are two php programmers (me and you). I want full access, but I want to restrict you to your subdomain (subdomain2).

+AllUsers (me and you)
++Subdomain1 (me only)
++Subdomain2 (me and you)
++SharedDomain (me and you)
+ServerFile1 (me only)
+ServerFile2 (me only)
+SecretFile (no user)

Thanks for helping understand how to restrict/limit different php programmers from going into places I'd rather them not go.

Reply via email to