Page 1 of 1

Restricting script access, but not web

Posted: Tue Oct 27, 2009 12:59 pm
by blaher
I'll have to set up a example, so I can explain this better.
Say I have the following directory setup:

/public_html/
- /config.php
- /index.php
- /inc/
- /site1/
- /site2/

In /public_html I have the domain rootsite.com pointing to /public_html/ I have site1.com pointing to /public_html/site1/ and site2.com to /public_html/site2/.

Site1 and site2 are my friend's sites.

Now the problem is there could be a injected file in /site1 that uses:

Code: Select all

 
<?php
    include('../config.php');
    echo $password,'\n';
    include('../site2/config.php');
    echo $password,'\n';
 
    $fh = fopen('../index.php', 'w');
    fwrite($fh, "You've been hacked\n");
    fclose($fh);
?>
 
I want to restrict this somehow from happening, without blocking web access.

Re: Restricting script access, but not web

Posted: Tue Oct 27, 2009 2:48 pm
by akuji36

Re: Restricting script access, but not web

Posted: Tue Oct 27, 2009 3:26 pm
by blaher
akuji36 wrote:Take a look at this
http://www.wmtips.com/php/simple-ways-r ... -using.htm
thanks
Rod
That's not what I want. Please read my question more thoroughly.

Re: Restricting script access, but not web

Posted: Wed Oct 28, 2009 3:22 am
by kaisellgren
PHP can't really do much about it. It's the web server's responsibility. "Shared hosting" is the term.