Hi, I am currently developing a website that will allow users to upload files, mostly small personal websites and landing pages. Each user will be given their own directory to which they can upload their files. This will also include PHP files. I understand this may cause a problem with the security of my website, so i was just wondering if you knew of any precautions i could take to stop anything going wrong. My main concern is the privacy of each user, it wouldn't take a genius to write a script to list directories and files within them, so i was also wondering if there was a way to stop scripts from venturing outside of a given directory? I would greatly appreciate ANY advice you can give me regarding this kind of website. Thanks.
As far as I know, to make a file NOT operate outside of the directory is something very tough. Imagine having this happen to ALL the php files? Plus, any user can just simply upload a shell file, and that's it, there goes your server. Best precaution in my opinion? Don't let them upload php files.