How to configure extensible security sites?

0 like 0 dislike
11 views
Task: place on a single server a few sites. Problem: a user of one site can write a script that will fit into another site or go wander around the directories at the top level. How to restrict access to php scripts to the directories above the preset level.
by | 11 views

2 Answers

0 like 0 dislike
For example
open_basedir string
Restricts the specified directory-tree files that can be available to PHP including the file itself. This Directive is NOT affected by safe mode.

When a script tries to access the file, for example, with fopen() or gzopen(), it checks for the file's location. If the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so that they will not be able to work around this limitation. If the file doesn't exist then the symlink can't be read and the file name (read) will be considered open_basedir .

Open_basedir can affect more than just functions for working with the file system; for example if MySQL is configured to use mysqlnd drivers, LOAD DATA INFILE will be affected by open_basedir . A lot of the functionality of PHP uses open_basedir.
by
0 like 0 dislike
It's a stupid decision, all sites must be from different users and with normal rights and
by

Related questions

0 like 0 dislike
2 answers
asked May 22, 2019 by difficultnicknameforcommu
0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
asked Jun 7, 2019 by logpol32
0 like 0 dislike
2 answers
110,608 questions
257,186 answers
0 comments
33,911 users