I use php4 in apache as a module. It seams that
I can only setup php with php.ini.

I want to use the open_basedir option to limit
php to a web site files. But my apache use
virtual host. It means that depending on
the host (fun.test.org or www.test.org) I
start in /home/httpd/fun or /home/httpd/www
as the html root.

When I am connected to fun.erasme.org, I want
open_basedir to be equal to /home/httpd/fun
and when I use www.erasme.org, I want open_basedir
to be equal to /home/httpd/www. I want this
to protect a web site (with an administrator)
against another web site (with another administrator).

Like I can't use .htaccess for open_basedir neither
httpd.conf I have no way to change this value
depending on the web site.

I try in php.ini :
open_basedir = $DOCUMENT_ROOT;

Because DOCUMENT_ROOT is an environment variable
which contains /home/httpd/www or /home/httpd/fun.

But it doesn't work. php.ini is not dynamically
evaluated (I think).

Is there is solution for this security problem ?

Daniel Lacroix

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to