> so I've been doing a little thinking about web server security..
>
> #1. Since all files on the web are 644, what is to stop someone on the
> same server from copying your files to their own directory?
> (specifically your database connection info)
> #2. if a folder is 777, what's to stop someone from writing to that
> folder?

Virtual Servers
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213304,00.html
People can only see their own directories and files.

PHP Safe Mode
http://us2.php.net/features.safe-mode
Check the section titled Safe Mode in the php.ini file. It has settings that help lock things down.

Apache open_basedir
Also detailed in the PHP Safe Mode documentation.

There are a few other things that can be done to limit the scope of access, but all of it really depends on how the server is set up. I've seen many situations where hosting providers set accounts up with basic Virtual Hosting without doing any sort of lock down. If you're not careful and choose one of those providers, then you're definitely open to the sort of security breach that you've described.

-Ed

--
PHP Database Mailing List (http://www.php.net/)
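An added example, not part of the original message: a shell audit of your own document root for the two exposures asked about in the thread, directories any local user can write to (777) and files any local user can read (644) that contain database connection code. The grep patterns, function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a web document root on a shared host (added example, constructed data).

# List directories writable by every local user (o+w set, e.g. mode 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# List files readable by every local user (o+r set, e.g. mode 644) whose
# contents look like database connection code. Patterns are illustrative.
world_readable_secrets() {
    find "$1" -type f -perm -0004 \
        -exec grep -lE 'mysql_connect|mysqli_connect|new PDO|DB_PASS' {} + \
        2>/dev/null | sort
}

# Build a constructed sample tree so the audit can be tried offline.
# Prints the path of the temporary root; the caller removes it.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/uploads" "$root/site/inc"
    # Constructed credential file; the password is a placeholder.
    printf '<?php $db = mysql_connect("localhost", "user", "EXAMPLE-ONLY"); ?>\n' \
        > "$root/site/inc/db.php"
    cp "$root/site/inc/db.php" "$root/site/inc/db_locked.php"
    printf '<?php echo "hello"; ?>\n' > "$root/site/index.php"
    chmod 755 "$root/site" "$root/site/inc"
    chmod 777 "$root/site/uploads"               # question #2: anyone can write
    chmod 644 "$root/site/inc/db.php"            # question #1: anyone can read
    chmod 644 "$root/site/index.php"             # readable, but no credentials
    chmod 640 "$root/site/inc/db_locked.php"     # no access for "other"
    printf '%s\n' "$root"
}

# When called with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "World-readable files with DB connection code:"
    world_readable_secrets "$1"
fi
```

Mode bits only show what the filesystem allows; whether another account can actually reach the path still depends on the isolation measures named in the reply (separate virtual servers, open_basedir).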