Hi,
I have a 100% working Apache + PHP 4 server setup under win2k, with apache set up so that /~username is really c:\home\username\public_html.
The problem is, I would like to be able to deny PHP access to directories HIGHER than *\public_html.
As it stands a php file executed in /~username can do whatever it wants, which is obviously not too good 🙁
open_basedir is too restrictive as it prevents legitimate uses (eg includes in subdirs etc), and yet anything else seems to be a free-for-all under Windows with Apache!
Using virtual host containers is all well and good too, but then while the restrictions (same problem as above though) work for www.usernamesdomain.com, they can be bypassed by simply going /~username!
Any comments would be appreciated 🙂
Thanks,
Andy.
