I’d like to share my host with a second user.
I’ve created him a sub-domain, with a new user account and FTP access. He have his own folder in the root, nammed “sub.mydomain.com”, and everything’s ok.
With FTP access, he can’t read my own files. But the problem is that he can read it with a Php script file, using the opendir() and fopen() functions.
This is a real problem, because he can use fopen() on my config.php files and read my database access password, for example:
$target = '../www.mydomain.com/config.php'; // targetted file
$f = fopen($target,'r'); // give a pointer on $f
$content = fread($f,filesize($target)); // read the file
print($content); // show my passwords !
I’d like to know how to isolate him on his folder, and disable this access to the root.