negora
12-31-2009, 04:09 AM
Good morning:
The title of my message isn't very self-explaining so I'm going to try to explain my personal situation so you can understand what I try to achieve.
A relative of me and his partner at work need some temporal web space to upload a few PHP pages for the presentation of a project. Although his partner isn't dedicated to the programming scene any more, he knows some basic stuff to program in PHP.
They asked me for help. My idea was to make a directory for them, generating a new FTP account and buying a domain which pointed to such directory. That way they would have their own isolated space...
Isolated? No, it isn't. Although I trust this relative, I don't know his partner and (sorry for being so paranoid) he could gain access to upper directories using basic PHP functions which scan directories.
The first strategy which came to my mind was to set permissions via SSH. However everything is uploaded with my account name, in spite of assigning a new FTP user to them.
My second idea, the one which I applied, was to set an unique php.ini file located out of their directory and use it to block those functions which may be used to scan directories. This wouldn't block the access to files, of course, but at least he would need to know their paths. Restricting even more functions would make some of my software to fail: phpBB, zenPhoto, etc.
Do you know about a good way to achieve that isolation which I need? Or is it just impossible?
Thank you very much ;) .
The title of my message isn't very self-explaining so I'm going to try to explain my personal situation so you can understand what I try to achieve.
A relative of me and his partner at work need some temporal web space to upload a few PHP pages for the presentation of a project. Although his partner isn't dedicated to the programming scene any more, he knows some basic stuff to program in PHP.
They asked me for help. My idea was to make a directory for them, generating a new FTP account and buying a domain which pointed to such directory. That way they would have their own isolated space...
Isolated? No, it isn't. Although I trust this relative, I don't know his partner and (sorry for being so paranoid) he could gain access to upper directories using basic PHP functions which scan directories.
The first strategy which came to my mind was to set permissions via SSH. However everything is uploaded with my account name, in spite of assigning a new FTP user to them.
My second idea, the one which I applied, was to set an unique php.ini file located out of their directory and use it to block those functions which may be used to scan directories. This wouldn't block the access to files, of course, but at least he would need to know their paths. Restricting even more functions would make some of my software to fail: phpBB, zenPhoto, etc.
Do you know about a good way to achieve that isolation which I need? Or is it just impossible?
Thank you very much ;) .