If you run php in safe mode and set your PHP open_basedir to the
DocumentRoot for the domain, then they cannot open any files outside of
that directory. In php.ini:
safe_mode = on
Then in your <VirtualHost>:
php_admin_flag engine on
php_admin_value open_basedir "/var/www/vhosts/domain.com/htdocs:/tmp"
I usually have the current directory "." in there, too.
Please note the difference between flags/values and admin_flag/values.
| "Admin" configuration settings can only be set from
| within the main Apache configuration files, and not
| from .htaccess files.
http://www.php.net/manual/en/configuration.php
Cheers, Marcel
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
