PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Wed Oct 17, 2018 9:52 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: PHP security issue
PostPosted: Sun Nov 09, 2014 11:18 pm 
Offline
Forum Newbie

Joined: Sat Nov 01, 2014 4:47 am
Posts: 6
Hope this is the correct forum for my question.

I have installed PHP on a IIS7.5 Windows 2008R2 server shared hosting server. PHP works. But with a simple php script I can browse over the complete server. I can set open_basedir to the users home directory by add add name="PHP via FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:\php54\php-cgi.exe|-d open_basedir=c:\inetpub\wwwroot\userwebsite" resourceType="Unspecified" /> into web.config. But the user can change the web.config so after change this he can again browse over the complete server. So this is not the way to do this.

Can anyone tell me how I can hold the user in his own website directory?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group