If your hosting provider has enabled safe mode, then others cannot
include scripts that have a different uid than the owner of the current
script, which prevents them from including your code.

As far as the files go, you could checksum them, or if you are honestly
concerned about them being changed, store them in your database where
only you have write access. The problem with that is that for your
application to connect to your database it must know the DB password; if
the other users have shell access, they can read your application's source
code and connect to your DB as your application.

Bottom line: safe mode makes PHP a lot safer in multi-user environments,
but you are always going to be exposed when you go with a multi-user
environment.

Any programming language/application encounters these problems when
introduced into a large multi-user environment; switching programming
languages would not alleviate these security issues.


On Tue, 2003-02-18 at 15:49, David Feldman wrote:
> I run a PHP-based Web site hosted on a shared UNIX server provided by a  
> pretty standard Web hosting company -- as I imagine do many people.  
> There are a lot of users on this server, and I know nothing about them.  
> Apache (and thus PHP) generally runs as www or nobody, so although each  
> user on this shared server has a separate account, all PHP scripts run  
> as the same user. As such, I have a few security concerns:
> 
> 1. I restrict access to certain portions of my site, either with  
> .htaccess/.htpasswd files or with a PHP equivalent. This works fine for  
> anyone using a Web browser, but it leaves a security hole: One can  
> write a PHP script that circumvents the Apache access restrictions,  
> either by calling a UNIX shell command (using passthru(), backticks,  
> etc., only some of which are blocked on my server), or, more  
> disturbingly, by using the include command. Using either of these  
> methods in a publicly available page can circumvent htaccess- or  
> PHP-based authorization and output the contents of a supposedly  
> restricted file, _including_ a file in another user's Web site.
> 
> 2. I am working on a PHP script that allows users to upload images,  
> view them, and ultimately send them over email. All the problems listed  
> in (1) apply, but in addition, these images' owner is www or nobody,  
> the user PHP runs as. As such, not only could other users on the same  
> shared server view these uploaded files, they could modify or delete  
> them through a PHP script, and it doesn't matter what I set the access  
> privileges to with chmod(), since they can call chmod() on the files  
> themselves. Now, I can run a checksum at upload time and verify it  
> later on to ensure that uploaded files haven't been changed. But that  
> might still leave a few seconds (between upload and checksum) during  
> which a file could be altered, and doesn't protect against deletions.
> 
> Both (1) and (2) are disturbing to me, since if I'm protecting a  
> portion of my site I don't want several hundred random people (whose  
> only qualification is that they purchased Web space at the same company  
> I did) to have access to it. Is there any way, short of a dedicated  
> server or a wholesale switch to another server-side language, to avoid  
> these problems?
> 
> Thanks.
> 
> --Dave
> 
> --------------------------------------------------------------------------
> David Feldman
> User Interface Designer
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

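As an added example (not code from either message in the thread), here is one way to implement the checksum-at-upload, verify-before-serving approach the reply suggests. The `upload_digests` table, the `$pdo` connection, and PHP 7+ with PDO are assumptions for this example.

```php
<?php
// Added example, not from the original thread. Assumes PHP 7+ with PDO and
// a table:  CREATE TABLE upload_digests (path VARCHAR(255) PRIMARY KEY,
//                                        digest CHAR(64) NOT NULL);
// The table name and the $pdo connection are assumptions for this example.

function recordUpload(PDO $pdo, string $tmpName, string $destPath): bool
{
    // Hash the temporary upload *before* it lands in the shared upload
    // directory, so there is no window between "file visible to other
    // scripts" and "digest recorded".
    $digest = hash_file('sha256', $tmpName);
    if ($digest === false || !move_uploaded_file($tmpName, $destPath)) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO upload_digests (path, digest) VALUES (:path, :digest)'
    );
    return $stmt->execute([':path' => $destPath, ':digest' => $digest]);
}

// Returns the file contents only if they still match the recorded digest;
// returns null when the file was never recorded, is missing (deleted), or
// has been altered, so the caller refuses to serve it.
function verifiedContents(PDO $pdo, string $path): ?string
{
    $stmt = $pdo->prepare('SELECT digest FROM upload_digests WHERE path = :path');
    $stmt->execute([':path' => $path]);
    $expected = $stmt->fetchColumn();
    if ($expected === false) {
        return null;                     // no record: never accept it
    }
    $data = @file_get_contents($path);
    if ($data === false) {
        return null;                     // deletion shows up as a failed check
    }
    // Hash the bytes actually read rather than re-opening the file, so the
    // verified content and the served content cannot diverge.
    if (!hash_equals($expected, hash('sha256', $data))) {
        return null;
    }
    return $data;
}
```

This catches modification and deletion after upload, but as the reply points out, the digest store is only as trustworthy as the database credentials your script has to hold on the shared host.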