Apple Mailing Lists: macos-x-server

Re: PHP security ( suPHP equivalent )

On 25 Jul 2008, at 9:20am, Jérôme Morgado wrote:

> BUT a user can put a php script that can read the content of another web site because www user can read (and sometimes write) every web site.

Yes, this is how Apache implements multiple sites: you're running one instance of Apache, and it needs to have access to all the sites. But it's not really a PHP problem, it's an Apache problem.
If you're allowing your users to upload their own scripts, then PHP has far more worrying problems than the one you mentioned, like 'eval()' and 'system()'. For example, your customers could upload a Unix program to the server, then use the PHP call 'popen()' to make your server run it. If your customers don't need to do these things then disabling those is far more important than disabling file access.

One normally secures against PHP attacks by carefully setting up suitable settings in php.ini. Take a look through every setting in php.ini and if you don't need to allow your customers to use the feature, disable it. For example, set allow_url_fopen to 0. Look especially hard at 'disable_functions'.

If you really do need to allow your users to upload PHP scripts which they can then run, and if you do need to give your users access to /all/ PHP features, so that they can never claim that you promised full PHP hosting but didn't deliver it, then you must either run multiple instances of Apache on the same computer, each one with access only to the files for its own web site, or run one server for each customer (they can be virtual servers if you like).

Simon
--
Simon Slavin                               Fylde Building Room C11
Computing Development Officer              01524 65201 x 93569
Psychology Department
University of Lancaster
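As an added example, not part of Simon's reply or the original thread, here is a small POSIX shell script that checks a php.ini for the two settings the reply singles out: allow_url_fopen (recommended 0) and disable_functions (which should list the process-spawning calls such as system() and popen()). The two sample php.ini files it writes, and the function names ini_value, audit_php_ini, write_weak_ini and write_hardened_ini, are constructed for this illustration and are not from any real server.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post): audit a php.ini for
# allow_url_fopen and disable_functions. Sample files are constructed; the
# function names are assumptions for this illustration.

# ini_value FILE KEY: print the value of the last active "KEY = value" line.
# Returns 1 when the key is not set at all (PHP then falls back to its default).
ini_value() {
  grep -qE "^[[:space:]]*$2[[:space:]]*=" "$1" || return 1
  grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
    | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# audit_php_ini FILE: print one line per weak setting; always returns 0 so the
# caller can count the printed lines (0 lines = nothing flagged).
audit_php_ini() {
  file=$1
  # allow_url_fopen: PHP's own default is On, so an absent key is also flagged.
  if v=$(ini_value "$file" allow_url_fopen); then
    case "$v" in
      0|Off|off|OFF|no|false|"") ;;
      *) echo "allow_url_fopen is '$v' (recommend 0)" ;;
    esac
  else
    echo "allow_url_fopen not set (PHP default is On; recommend 0)"
  fi
  # disable_functions: system and popen as named in the reply, plus the other
  # common process spawners. Empty or missing means nothing is disabled.
  disabled=$(ini_value "$file" disable_functions | tr -d ' ')
  for fn in system popen exec passthru shell_exec proc_open; do
    case ",$disabled," in
      *",$fn,"*) ;;
      *) echo "disable_functions does not list $fn" ;;
    esac
  done
  return 0
}

# Constructed weak php.ini: remote file access on, nothing disabled.
write_weak_ini() {
  cat > "$1" <<'EOF'
; constructed sample, not a real server's php.ini
allow_url_fopen = On
disable_functions =
EOF
}

# Constructed hardened counterpart following the reply's advice.
write_hardened_ini() {
  cat > "$1" <<'EOF'
; constructed sample, not a real server's php.ini
allow_url_fopen = 0
disable_functions = system,popen,exec,passthru,shell_exec,proc_open
EOF
}

# Usage: sh audit_php_ini.sh /path/to/php.ini
# With no argument, audit the two constructed samples side by side.
if [ "$#" -gt 0 ]; then
  audit_php_ini "$1"
else
  weak=$(mktemp); hard=$(mktemp)
  write_weak_ini "$weak"; write_hardened_ini "$hard"
  echo "== weak sample =="; audit_php_ini "$weak"
  echo "== hardened sample =="; audit_php_ini "$hard"
  rm -f "$weak" "$hard"
fi
```

The audit only reads the two keys the reply discusses; it is a starting point for the "look through every setting" pass, not a replacement for it. On the weak sample it reports seven findings (allow_url_fopen plus six functions not disabled); on the hardened sample it reports none.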

