[nycphp-talk] Pair Network's "security" model - could it be this bad?
Jayesh Sheth
jayeshsh at ceruleansky.com
Tue Jun 1 14:30:21 EDT 2004
Hello all,
thanks for all of your quick replies.
To clarify on my current setup:
I am not an expert on UNIX permissions and such things, but here is my
(limited) understanding of how it might work:
- from the control panel, you can add an FTP or shell user
- from the control panel, a domain is mapped to either of those users' files
- when you set up a domain, you can choose whether PHP scripts are run as an
Apache module (aka "running as Apache") OR as CGI (aka "running as my user")
- when you FTP in, you cannot go "up" and browse a list of other users'
directories, since you are in the root directory of the account into
which you FTPed
- scripts are disabled from reading outside of their domain-files
directory (something is changed in PHP's configuration here)
["open_basedir Restrictions in effect, file is in wrong directory"]
- scripts cannot access external programs ["backticks (``), system(),
exec(), passthru()" are disabled]
More information on the shared server's configuration:
https://panel.dreamhost.com/kbase/index.cgi?area=2526&keyword=security
So, as far as I know, files placed in a certain shell or FTP user's
accounts are private.
Please correct me if this seems incorrect.
Best Regards,
- Jay
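
The restrictions listed in the message above can be checked from inside an account with a short PHP script. This is an added example, not part of the original post or of the host's own tooling; the helper names ini_list() and audit_restrictions() are hypothetical.

```php
<?php
// Added example: report the PHP restrictions described in the message above.
// Request it through the web server (not the CLI) so it reflects the
// configuration that actually applies to the domain's scripts.

// Split an ini directive holding a separated list into trimmed entries.
function ini_list(string $name, string $sep): array {
    $raw = (string) ini_get($name);
    return $raw === '' ? [] : array_map('trim', explode($sep, $raw));
}

function audit_restrictions(string $dir): array {
    $report = [];
    // Module SAPIs (e.g. "apache2handler") run as the web server's user;
    // "cgi" / "cgi-fcgi" is the "running as my user" mode from the post.
    $report['sapi'] = php_sapi_name();
    // An empty list means open_basedir is not restricting file access.
    $report['open_basedir'] = ini_list('open_basedir', PATH_SEPARATOR);
    // Backticks are the same as shell_exec(), so that entry covers both.
    $disabled = ini_list('disable_functions', ',');
    foreach (['shell_exec', 'system', 'exec', 'passthru'] as $fn) {
        // Blocked if listed in disable_functions or not callable at all.
        $report['exec_blocked'][$fn] =
            in_array($fn, $disabled, true) || !function_exists($fn);
    }
    // open_basedir restricts only PHP scripts. A file with the "other" read
    // bit set is still readable by any local user who can reach its directory.
    $report['world_readable'] = [];
    foreach (scandir($dir) ?: [] as $entry) {
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_file($path) && (fileperms($path) & 0004)) {
            $report['world_readable'][] = $entry;
        }
    }
    return $report;
}

header('Content-Type: text/plain');
print_r(audit_restrictions(__DIR__));
```

Any file listed under world_readable depends on the PHP-level settings alone for its privacy, which is the assumption the post asks to have checked.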