Hi there,
I've created a user on my server named clientdropbox. As the name suggests, this is a folder where clients can log in and drop off files for use in their projects.
This all works hunky dory. They log in, they can upload and delete etc., and my personal directory is completely off-limits.
However, in the main body of the site (basically every directory apart from my mail folder), although unable to edit or upload anything, they can download and view files. Files such as driver.php, which contains the mysql_connect() details, aka username and password....
Eeek.
How can I stop people from being able to go above the folder, i.e. out of the user clientdropbox file listing?
This is a huge security flaw which I need to sort out as you can imagine!
I'm imagining .htaccess is the answer, but if I'm wrong tell me....
Thanks in advance.