hi. one of my clients whom we host a website for has expressed interest in writing their own php/mySQL applications for their site.
i've been looking in to the security implications of offering this service. My concerns are that the client *could* use a php script to access parts of the file system, registry (this is a Win32 environment), or other such things. I found a good article at http://www.securityfocus.com/infocus/1706 - it details some of the settings in the php config that can be used to prevent malicious scripting. Does anyone here have experience of securing a php server, and might have any advice on what else to watch out for? Any help appreciated. Thanks. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php