Sorry if there is any confusion. The question is entirely PHP related. My concern is limiting the scope of PHP's use in my file system. I know that there are commands that can be put into PHP.ini that affect the areas in which read/write operations can be performed by PHP. I'd like to offer PHP support to several websites, but not if they have total access to the server's file system, which appears to be the default setting for PHP.
"Ross Fleming" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > No offence, but chances are that no-one is answering because it's not a PHP > related question. My advice to you is to read the faq's at apache.org (the > correct address you need is http://httpd.apache.org/docs/misc/FAQ.html > specifically section E) and set up apache securely first (which is not too > difficult, by default, apache only gives people read access to everything > within the htdocs folder and nothing else) and once you've done that, > install PHP on top of it. You'll find that PHP makes little or no > difference to the security of your web-server. Reading your email a bit > more thoroughly it seems that you want to host several websites from one > machine, yes? In which case, you want to use the Virtual Hosts functions of > Apache, see http://httpd.apache.org/docs/vhosts/ for further details. > > Anyway, good luck. Oh and another link I just found is the support web-ring > for apache: http://p.webring.com/navcgi?ring=apachesupport;list > > Have fun! :) > > Ross > > -----Original Message----- > From: Tim Mackenzie [mailto:[EMAIL PROTECTED]] > Sent: 02 April 2002 16:47 > To: [EMAIL PROTECTED] > Subject: [PHP-WIN] Re: Security using Apache & Windows > > > No one can help?! Please, please, please... > > "Tim Mackenzie" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I'm running W2K with Apache and PHP4. I'm going to be hosting a number of > > websites that I would like to provide PHP support for. What I don't want > is > > them to be able to access my entire file system. They should, at most, be > > only allowed read/write access to their site folder. How do I go about > > doing this? I've looked around, but I haven't found something that > > addresses this. I know there's the basedir value (I think that's it), but > I > > don't understand how to use it. Could somebody (several people) please > post > > any tips they have for securing the file system of a web server. Thanks! > > > > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
