3

Im making sort of a service where people can upload PHP files and they get their own directory.

Is there a way to prevent any way the PHP can access the root of the server? and just stay in the bounderies of its folder?

Joseph
  • 33
  • 3
  • Beware of a common vulnerability in this sort of feature: make sure that the files users upload cannot be executed. Especially if they upload, say, a `.php` file. – Frank Farmer Feb 18 '10 at 18:32

2 Answers2

1

The open_basedir directive does just that :

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself.

Pascal MARTIN
  • 395,085
  • 80
  • 655
  • 663
0

The most secure would be to chroot Apache and PHP.

Brock Batsell
  • 5,786
  • 1
  • 25
  • 27