Re: [PHP] How to solve include_path / safe_mode / open_basedir /document_root
PHP4: 4.3.2 Likewise, my intention is to restrict the user within '/home/ahank/public_html' when using fopen(), but allow the user to use include() on files in '/usr/local/share/wl'. Here is my VirtualHost config: php_admin_flag register_globals Off php_admin_flag safe_mode On php_admin_flag safe_mode_gid On php_admin_value include_path /usr/local/share/wl php_admin_value safe_mode_include_dir /usr/local/share/wl php_admin_value open_basedir /home/ahank/public_html However, I get this error when loading a page which includes files in this shared directory: Warning: main(): open_basedir restriction in effect. File(/usr/local/share/wl/hahaha.php) is not within the allowed path(s): (/home/ahank/public_html) in /home/ahank/public_html/test.php on line 3 Warning: main(hahaha.php): failed to open stream: Operation not permitted in /home/ahank/public_html/test.php on line 3 Warning: main(): Failed opening 'hahaha.php' for inclusion (include_path='/usr/local/share/wl') in /home/ahank/public_html/test.php on line 3 It would seem that 'safe_mode_include_dir' has nothing to do with 'open_basedir'. Is there an equivalent to 'open_basedir_include_dir' which will allow one to only interpret files by way of include/require? - hank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] including files with open_basedir restriction
In response to the post found at: http://marc.theaimsgroup.com/?l=php-generalm=104913671122253w=2 I would like to use open_basedir to stop users from reading the contents of system files, while using include/require to let users take advantage of scripts that I have created. These scripts have DB passwords which I would like to keep secret. While they are outside of the Apache document root, this post states include() must be relative to one of the directories listed in open_basedir. This would allow users, knowing the name of the script, to read its contents with an fopen(). As there are many ways to skin small mammals, what security mechanisms are there in place to prevent this from happening? Are there any other approaches I can take to solve this problem? I think, ultimately, what I am asking for is a way to allow access for the php interpreter to parse the file (with include) while disallowing access to open the file for reading with fopen). Thank you for taking the time to read this. I would be very grateful to hear any experiences and suggestions the users of this list may have. Sincerely, Adam -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php