PHP Developers Network
http://forums.devnetwork.net/

PHP security issue
http://forums.devnetwork.net/viewtopic.php?f=34&t=140533
Page 1 of 1

Author:  doxuan1993 [ Sun Nov 09, 2014 11:18 pm ]
Post subject:  PHP security issue

Hope this is the correct forum for my question.

I have installed PHP on a IIS7.5 Windows 2008R2 server shared hosting server. PHP works. But with a simple php script I can browse over the complete server. I can set open_basedir to the users home directory by add add name="PHP via FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:\php54\php-cgi.exe|-d open_basedir=c:\inetpub\wwwroot\userwebsite" resourceType="Unspecified" /> into web.config. But the user can change the web.config so after change this he can again browse over the complete server. So this is not the way to do this.

Can anyone tell me how I can hold the user in his own website directory?

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/