One application for multiple sites, maintainability vs security

#9
Randy Casburn
@mvdg27 -- I would be fearful of some very simple PHP functions, such as glob(). Under the configuration as you've described, any user with any CMS account can glob() any other users' files, can then readdir(), can fopen() those files, change the contents, and when they are executed who knows what would happen, etc.

Have I misunderstood what you've said?

Quote: As some people pointed out to me: you can restrict the open_basedir for each client account, but in the end the CMS account can access any account, and therefore creates a security leak.

AND

- different clients will be able to access each other’s files, through the disabled basedir restriction on the CMS account.

Randy


Messages In This Thread
One application for multiple sites, maintainability vs security - by El Forum - 07-22-2008, 10:36 AM


