Host unlimited blogs, sites, forums for $4.95 only with this host

Webhosting : Control panel written in php security question

By reviews

Hostgator and Bluehost are our best webhosts and godaddy.com is the best domain registrar.

This web hosting thread started by steve45 0n 30 June 2009

I am kind of new to PHP

I am developing a site, similar to control panel, where people could register for an account, and upload their web pages.

When people register an account, a folder will be created for the user, and will be named with his/her username. However this folder will be owned by the linuxuser “http” since pages will be uploaded by people via a control panel written in PHP. So folders allocated to users, and any file that gets uploaded via the control panel will all be owned by the linuxuser “http” with permission 755.

Customer authentication is performed using a table stored in MySql. No linuxuser account will be created when a person registers for a webspace/account.

Now this is my question:-
If a CUSTOMER uploads a script, lets say written in php to read any file accessible by the linuxuser “http”, wont he be able to see the contents of those files, including /etc/passwd ?

How do we prevent it? Or is there a better design?

Discuss this at WHT or read more about bluehost and hostgator

This entry was posted in Discuss Hosting Bookmark this post and come back later for the best web hosting coupons.

This web hosting blog is proudly hosted with reliable Hostgator webhosting for only one cents through this hostgator coupon. If you're new here, you may want to subscribe to this web hosting RSS feed

-->