Stop subdomain PHP scripts from accessing main domain files

#1

Hi, might be a dumb question, but I gave someone subdomain access through FTP. While they can only access their own folder and not any of mine, I realized they could simply have a PHP file that could do anything to my files including delete, make copies, etc. Is there a way to stop this? For instance:

copy("…/file", “file”);

If they make a PHP file in their folder that does that, it will copy over whatever file they choose in my domain to their folder. Or they could do things like unlink(), etc I realized.

#2

Perhaps:

https://www.php.net/manual/en/ini.core.php#ini.open-basedir

#3

Looks promising. I have to think a bit more about any type of script. There must be a fundamental issue I’m missing here.

#4

I dont believe it is a script…

I believe it is a php.ini setting.

I have never done this myself… but do host multiple add-on domains on the same hosting account.

I have never tried to scrape or access any of the directories in the other add-on/subdomain directories.

Sponsor our Newsletter | Privacy Policy | Terms of Service