Hi,
I've got a problem protecting files and directorys using php on an Apache system (Unix Platform), for example:
VirtualHost1: DocumentRoot /home/user1/docs
VirtualHost2: DocumentRoot /home/user2/docs
Apache is running under uid nobody with dynamic php libraries.
If user1 uploads a php script which does a fopen (read) on a file which resides in user2's document-tree. The file will be opened and the content can be read. The access from outside (via apache) is protected using a .htaccess file, but how can I protect these files within php to be read by scripts from other users? The php-script will be executed under uid nobody, like apache, but the apache have to read this files after valid authentication was made.
Any suggestions? Isn't it a typical problem in a webhosting environment?
regards,
Andy
