GoFuckYourself.com - Adult Webmaster Forum - View Single Post

TFCash · 09-10-2001, 01:23 AM

Well I hate to break the news to you guys, but unless your host is running php in strict mode(which many don't !!!) then anyone that has an account on your server could in theory get a full listing of what is in your folders, and also do a complete listing or download of what is in your files, including any usernames and passwords that might be in your php files! I won't post the 7 or 8 lines of code that would do this, but rest assured it is that simple

And changing the permissions to nobody will have no effect at all, since apache run's as nobody any php script that is ran on your system has nobody privileges so they can see those files!

If you are making a living at this ( i.e. webmastering is your sole means of income) then you are really silly if you don't have your own det server to run your sites from. Now if you do this as a hobby or for extra cash, then a shared server will probably be fine for what you do, just don't freak out too much if you find that you've been hacked, or someone has ripped off your user database. I would suggest a daily backup of some sort, either have a secondary hosting account where you backup all your files for all your domains, or have a broadband connection at your house and keep a copy there burned onto CD.

Tim

09-10-2001, 01:23 AM
TFCash Confirmed User Industry Role: Join Date: Apr 2001 Posts: 1,738	Well I hate to break the news to you guys, but unless your host is running php in strict mode(which many don't !!!) then anyone that has an account on your server could in theory get a full listing of what is in your folders, and also do a complete listing or download of what is in your files, including any usernames and passwords that might be in your php files! I won't post the 7 or 8 lines of code that would do this, but rest assured it is that simple And changing the permissions to nobody will have no effect at all, since apache run's as nobody any php script that is ran on your system has nobody privileges so they can see those files! If you are making a living at this ( i.e. webmastering is your sole means of income) then you are really silly if you don't have your own det server to run your sites from. Now if you do this as a hobby or for extra cash, then a shared server will probably be fine for what you do, just don't freak out too much if you find that you've been hacked, or someone has ripped off your user database. I would suggest a daily backup of some sort, either have a secondary hosting account where you backup all your files for all your domains, or have a broadband connection at your house and keep a copy there burned onto CD. Tim