Hi,
> Usually the Webserver is able to read the sources of the PHP
> scripts. PHP scripts may include passwords for database access.
> Since PHP is usually mod_php and not suexec'd, this seems to be a
> common problem. With account to such databases really important
> damage could be done!
It's possible to protect yourself against this. PHP has an so-called
open_basedir restriction, with which you can specify the directories that a
script is allowed to access. You can set a different restriction for every
VirtualHost.
Sander.
