PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
magicrobotmonkey wrote:yea exactly - each user has their own folder and you restrict their access to that folder. Cept often there will be a separate cgi-bin folder where is the only place things can be run. you could either have one for each user or have a universal one, with permissions set file to file.
but this part of the discussion is more for some other type of forum.
Ask yourself a few questions here...
What is to stop someone from running a PHP Script that could read/export the entire server database? Or stop someone from clogging up your mail server with a spam bot? Or use a script to view other people's source code, and copy/delete files? Or what is to stop someone from using [php_man]ini_set[/php_man]() to change critical PHP settings? Or what is to stop someone from using [php_man]exec[/php_man]() and totally destroying the system?
Solve those and I think you could be okay with what Malcolm suggested.
bla bla bla use a script to view other people's source code, and copy/delete files? Or what is to stop someone from using [php_man]ini_set[/php_man]() to change critical PHP settings? Or what is to stop someone from using [php_man]exec[/php_man]() and totally destroying the system?
Solve those and I think you could be okay with what Malcolm suggested.
Thats exactly why i asked! Thank you heh i read this thread and thought "fek nobody understands me" but there we go you can see, i'll be checking out that google stuff when time is on my side, electronics to mess up now thanks again,
vitual machines would work yeah, but it and future servers will be windows 2003 and i don't know of a virtual machine that lets me run thousands of intances at a satisfactory level of performance, and it is php that i'm concerned about not windows users, i can set as many permissions as i want, a php script can and will have the power to control the filesystem, so i guess its looking more like the safe mode thing or maybe writing my own php style isapi filter....
hmmm
maybe this makes sense to you guru's or maybe still theres another way around this?? i am ver n00b...........