Hi there all, First of all, I'm a (somewhat) advanced PHP developer, and have a great experience on setting it up.
I have a very serious concern about security in a multiuser PHP virtualhosting environment. I'm planning on setting up a free hosting for local users, using a single server, with PHP and MySQL support. The users sites would be managed using Apache VirtualHosts. The users itself would be managed using a MySQL backend for ProFTPd (for providing file uploads facilities). However, here comes my big concern. Users could use the PHP filesystem functions to access the other users directories, thus read the source files and gaining inmediate access to databases passwords and other kind of sensitive data. I've been trying to look up a lot of alternatives in order to address this issue; however, none of them seems satisfactory for my setup. Is there any way to run PHP in a setuid environment for each of the VirtualHosts defined by Apache? Has anyone already gone through this setup which can guide me on the steps required for doing so? Best regards, -- Carlos Oliva G. Igloo Sistemas Ltda. [EMAIL PROTECTED] - http://www.igloo.cl Tel/Fax: +56 32 684798 -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
