I run a PHP-based Web site hosted on a shared UNIX server provided by a
pretty standard Web hosting company -- as I imagine do many people.
There are a lot of users on this server, and I know nothing about them.
Apache (and thus PHP) generally runs as www or nobody, so although each
user on this shared server has a separate account, all PHP scripts run
as the same user. As such, I have a few security concerns:
1. I restrict access to certain portions of my site, either with
.htaccess/.htpasswd files or with a PHP equivalent. This works fine for
anyone using a Web browser, but it leaves a security hole: One can
write a PHP script that circumvents the Apache access restrictions,
either by calling a UNIX shell command (using passthru(), backticks,
etc., only some of which are blocked on my server), or, more
disturbingly, by using the include command. Using either of these
methods in a publicly available page can circumvent htaccess- or
PHP-based authorization and output the contents of a supposedly
restricted file, _including_ a file in another user's Web site.
2. I am working on a PHP script that allows users to upload images,
view them, and ultimately send them over email. All the problems listed
in (1) apply, but in addition, these images' owner is www or nobody,
the user PHP runs as. As such, not only could other users on the same
shared server view these uploaded files, they could modify or delete
them through a PHP script, and it doesn't matter what I set the access
privileges to with chmod(), since they can call chmod() on the files
themselves. Now, I can run a checksum at upload time and verify it
later on to ensure that uploaded files haven't been changed. But that
might still leave a few seconds (between upload and checksum) during
which a file could be altered, and doesn't protect against deletions.
Both (1) and (2) are disturbing to me, since if I'm protecting a
portion of my site I don't want several hundred random people (whose
only qualification is that they purchased Web space at the same company
I did) to have access to it. Is there any way, short of a dedicated
server or a wholesale switch to another server-side language, to avoid
these problems?
Thanks.
--Dave
------------------------------------------------------------------------
--
David Feldman
User Interface Designer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
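The checksum-at-upload idea from point (2), as an added example that is not code from the original post. It records the SHA-256 of each upload in the same request that stores it, so the window between upload and checksum is one function call, and it treats a missing file as a detected deletion. The directory and manifest paths are assumed placeholders; it assumes PHP 7 or later.

```php
<?php
// Added example (not from the original post). Paths are assumed placeholders.
const UPLOAD_DIR = '/home/example/uploads';               // assumed: outside the web root
const MANIFEST   = '/home/example/uploads/manifest.json'; // assumed: hash record per file

// Accept one image upload, store it under a random name, and record its
// SHA-256 immediately, in the same request, so the upload-to-checksum gap
// described in the post is as small as it can be made from PHP alone.
function storeUpload(array $file): string {
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('invalid upload');
    }
    $info = getimagesize($file['tmp_name']);   // must really be an image, not a script
    if ($info === false) {
        throw new RuntimeException('not an image');
    }
    $name = bin2hex(random_bytes(16)) . image_type_to_extension($info[2]);
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0600);   // courtesy only: another script running as www can chmod it back
    $manifest = is_file(MANIFEST) ? (json_decode(file_get_contents(MANIFEST), true) ?: []) : [];
    $manifest[$name] = hash_file('sha256', $dest);
    file_put_contents(MANIFEST, json_encode($manifest), LOCK_EX);
    return $name;
}

// Before viewing or emailing a file, re-hash it and compare with the record.
// Throws if the file is unknown, missing (deleted) or altered since upload.
function verifiedPath(string $name): string {
    if (!preg_match('/^[0-9a-f]{32}\.[a-z]+$/', $name)) {   // only names we generated
        throw new RuntimeException('bad name');
    }
    $path = UPLOAD_DIR . '/' . $name;
    $manifest = is_file(MANIFEST) ? (json_decode(file_get_contents(MANIFEST), true) ?: []) : [];
    if (!isset($manifest[$name]) || !is_file($path)) {
        throw new RuntimeException('file missing or unknown');   // deletion is detected here
    }
    if (!hash_equals($manifest[$name], hash_file('sha256', $path))) {
        throw new RuntimeException('file altered since upload');
    }
    return $path;
}
```

Because every script on the host runs as the same user, the manifest itself can be rewritten by another user's script, so this narrows the window and detects changes; it does not prevent them.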