[X-Unix] Shared hosting with apache and php, security concerns

[James Avgeris]

On Mar 18, 2004, at 1:33 AM, Eugene Lee wrote:

> In a shared web server, a typical method is to make all users' web
> directories group-readable by Apache, but also disallow all world 
> privs.
> Doing this keeps users from accessing each other's web content.

Yes, but the point is that since PHP could access other user's 
directories then it would be trivial to write a PHP script that did so.