
Thread: Disable PHP access to files

  1. #1

    Hello SRL

    I have a bit of a problem while making Alfrescode.

    I need to limit access to the files which PHP can access.

    I found this:
    open_basedir = /var/www/htdocs/files
    However, I want the people to only access files in their folders, not one main folder.

    For example, there are three folders for each user.
    Each user can access the files in their folder, but they cannot access files in each other's folders.

    How can I do this? I tried Google but couldn't find anything :/

    ~shut

  2. #2

    Couldn't you create a folder with the person's username on the fly? Then, create the subfolders in there. Then do something like open_basedir = /var/www/htdocs/$username/ this?
    Away for awhile, life is keeping me busy. | Want to get my attention in a thread? @Kyle Undefined; me.
    { MSI Phoenix || SRL Stats Sigs || Paste || Scripts || Quotes || Graphics }

    When posting a bug, please post debug! Help us, help you!

    I would love to change the world, but they won't give me the source code. || To be the best, you've got to beat the rest. || Logic never changes, just the syntax.
    If you PM me with a stupid question or one listed in FAQ, or about a script that is not mine, I will NOT respond.


    SRL is a Library of routines made by the SRL community written for the Program Simba. We produce Scripts for the game Runescape.


  3. #3

    A .htaccess file to hide all other files from that user's PHP / Apache besides his own? Something like that... I saw it set up before.
    The only true authority stems from knowledge, not from position.

    You can contact me via matrix protocol: @grats:grats.win or you can email me at the same domain, any user/email address.

  4. #4

    Quote Originally Posted by Kyle Undefined View Post
    Couldn't you create a folder with the person's username on the fly? Then, create the subfolders in there. Then do something like open_basedir = /var/www/htdocs/$username/ this?
    Good idea, then put it in a .htaccess file which they can't edit,
    correct?

    ~shut

  5. #5

    Right


  6. #6

    yea sounds like it, I was googling about it.. I don't know that stuff as well as you probably do

    I saw someone set it up in a php class before, was over my head at the time.. now I actually know about it lol, so I have to go back on what I remember which isn't much

  7. #7

    Instead of doing poor "fixes" with your httpd, fix up the base of the code. Why are users able to change the directory to begin with? That itself is a huge security vulnerability that you should fix.


    Send SMS messages using Simba
    Please do not send me a PM asking for help; I will not be able to help you! Post in a relevant thread or make your own! And always remember to search first!

  8. #8

    Don't use PHP? Other than that, do what Harry said^

    Dg's Small Procedures | IRC Quotes
    Thank Wishlah for my nice new avatar!
    Quote Originally Posted by IRC
    [22:12:05] <Dgby714> Im agnostic
    [22:12:36] <Blumblebee> :O ...you can read minds

  9. #9

    Quote Originally Posted by Harry View Post
    Instead of doing poor "fixes" with your httpd, fix up the base of the code. Why are users able to change the directory to begin with? That itself is a huge security vulnerability that you should fix.
    Oh, I think you misunderstood me.

    When the user signs up, a subdirectory will be created. This is their folder where they can create and edit files. They can only view and edit these files through the website, and they can only access their files within their directory.

    I wanted to prevent PHP from accessing files from other directories.

    What Kyle said worked perfectly.

    ~shut
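
The per-user open_basedir idea from post #2 combined with the application-side check asked for in post #7, as an added example that is not code from the thread. FILES_ROOT, the function names, the `username` session key and the `file` query parameter are assumptions.

```php
<?php
// Added example. FILES_ROOT, user_base(), resolve_user_path() and the
// session/query keys are assumptions, not names from the thread.
const FILES_ROOT = '/var/www/htdocs';

function user_base(string $username): string
{
    // Allow-list the name so it can never carry "..", "/" or a NUL byte.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $username)) {
        throw new RuntimeException('invalid username');
    }
    $base = realpath(FILES_ROOT . '/' . $username);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('user directory missing');
    }
    // Trailing separator so the prefix check below cannot match "alice2/" for "alice".
    return $base . DIRECTORY_SEPARATOR;
}

function resolve_user_path(string $base, string $relative): string
{
    if ($relative === '' || strpos($relative, "\0") !== false) {
        throw new RuntimeException('bad file name');
    }
    // realpath() collapses "../" and resolves symlinks; it returns false
    // if the target does not exist.
    $full = realpath($base . $relative);
    if ($full === false || strncmp($full, $base, strlen($base)) !== 0 || !is_file($full)) {
        throw new RuntimeException('path outside user directory');
    }
    return $full;
}

session_start();
try {
    $base = user_base((string) ($_SESSION['username'] ?? ''));
    session_write_close(); // the session is only read here
    // Second layer: tighten open_basedir for this request. Fail closed if the
    // setting cannot be changed (for example when it is locked by php_admin_value).
    if (ini_set('open_basedir', $base) === false) {
        throw new RuntimeException('could not set open_basedir');
    }
    $file = $_GET['file'] ?? '';
    readfile(resolve_user_path($base, is_string($file) ? $file : ''));
} catch (RuntimeException $e) {
    http_response_code(404);
}
```

open_basedir only constrains PHP's own file functions, so the realpath() containment check in the application remains the primary control and the ini setting is the backstop.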

  10. #10

    Quote Originally Posted by Shuttleu View Post
    Oh, I think you misunderstood me.

    When the user signs up, a subdirectory will be created. This is their folder where they can create and edit files. They can only view and edit these files through the website, and they can only access their files within their directory.

    I wanted to prevent PHP from accessing files from other directories.

    What Kyle said worked perfectly.

    ~shut
    Isn't that what chroot is for?
