Hi

I am working on a web hosting project. Need advice to deal with some security issues:

Listed below are the settings:

(a) Host name is “comp1.com”
(b) Web server is Apache.
(c) I have a folder named “webhosting”. This is in the “/” folder. So the path is “/webhosting”
(d) In the /webhosting folder there are three folders, for three different users:
    (1) /webhosting/user1
    (2) /webhosting/user2
    (3) /webhosting/user3
(e) I have three users: user1, user2 and user3
(f) There is a control panel written in PHP via which customers can upload files to their respective folders. They are restricted to upload the files only to their folders

Now, this is my doubt/question:

Since the files will be uploaded via PHP, the file owner of all files under “/webhosting” will be Apache.

(a) If “user3” writes PHP code that lists all files under “/webhosting” and uploads it into his directory, won’t he be able to see all files under “/webhosting” when he executes the script?
(b) Since this is a major security concern, how could we avoid it by restricting the user’s PHP code to access files only in his directory? In this case “/webhosting/user3” is user3’s directory.

Thanks,
Siber
Got the answer I was looking for in: http://articles.techrepublic.com.com/5100-10878_11-5272345.html?tag=rbxccnbtr1

Regards,
Siber
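
One common way to get the per-directory restriction asked about in (b), as an added example that is not from the thread or from the linked article: PHP's open_basedir set per customer folder in the Apache configuration. It assumes PHP runs as an Apache module (mod_php) and that each customer's scripts are served from that customer's folder.

```apache
# Added example (assumptions: mod_php, one <Directory> block per customer
# folder from the post, placed in the main server or virtual host config).
#
# Without these blocks, a script uploaded to /webhosting/user3 runs as the
# Apache user and can list or read /webhosting/user1 and /webhosting/user2,
# because every uploaded file has the same owner.
#
# open_basedir limits the paths PHP file functions (opendir, fopen, include,
# ...) may touch. php_admin_value settings cannot be overridden from
# .htaccess or with ini_set(), so a customer script cannot lift the limit.
# The trailing slash keeps older PHP versions from treating the value as a
# prefix that would also match a sibling such as /webhosting/user10.

<Directory "/webhosting/user1">
    php_admin_value open_basedir "/webhosting/user1/"
</Directory>

<Directory "/webhosting/user2">
    php_admin_value open_basedir "/webhosting/user2/"
</Directory>

<Directory "/webhosting/user3">
    php_admin_value open_basedir "/webhosting/user3/"
</Directory>
```

open_basedir only confines PHP's own file functions; functions that start external programs are not covered by it and are usually turned off with disable_functions in php.ini. The control panel itself, if it lives outside /webhosting, keeps whatever setting applies to its own directory.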