My suggestion would be to run the PHP Web Server on a different server to where you are retrieving your files. The file server can then define its own policies of what you can read/write to, etc. Your web server can then map a drive to the file server, and anybody writing PHP scripts won't be able to modify read-only scripts.
Hope that's clear!

Richard

-----Original Message-----
From: Ben Joyce [mailto:[EMAIL PROTECTED]
Sent: 07 April 2004 11:30
To: [EMAIL PROTECTED]
Subject: [PHP] PHP security in a hosting environment

Hi.

One of my clients whom we host a website for has expressed interest in writing their own PHP/MySQL applications for their site. I've been looking into the security implications of offering this service.

My concerns are that the client *could* use a PHP script to access parts of the file system, registry (this is a Win32 environment), or other such things.

I found a good article at http://www.securityfocus.com/infocus/1706 - it details some of the settings in the PHP config that can be used to prevent malicious scripting.

Does anyone here have experience of securing a PHP server, and might have any advice on what else to watch out for?

Any help appreciated.

Thanks.

Ben

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php