  1. #1

    Included file above web directory on another domain.

    I have two domains: example.com and testdomain.com.

    I was successfully able to include '/home/example_com_user_name/directory/config.php' on testdomain.com from example.com.

    This was done by putting this into testdomain.com/example_com's .htaccess file:
    Code:
    SetEnv PHPRC /home/example_com_user_name/directory/php.ini
    Inside '/home/example_com_user_name/directory/php.ini' is
    Code:
    auto_prepend_file = /home/example_com_user_name/directory/config.php
    I thought files above the public_html were not accessible. This seems like a huge security risk IMHO.


    Other info. Both domains are on the same reseller hosting account. Testdomain.com also has wildcard sub-domains turned on by the web hosting provider.

    Thus anything.testdomain.com automatically goes to testdomain.com/index.php unless it is specified differently in the .htaccess.

  2. #2
    K. Wolfe
    Quote Originally Posted by losirus
    Other info. Both domains are on the same reseller hosting account. Testdomain.com also has wildcard sub-domains turned on by the web hosting provider.
    This is why you can do it. You need to set the root directory and permissions for other accounts to be outside what you don't want accessible.

  3. #3
    Quote Originally Posted by K. Wolfe
    This is why you can do it. You need to set the root directory and permissions for other accounts to be outside what you don't want accessible.
    Are you referring to chmod permissions of the root directory of each domain? I was led to believe that files located above the public_html web directory were not available to external request. Is this not true?

  4. #4
    Quote Originally Posted by losirus
    I was led to believe that files located above the public_html web directory were not available to external request. Is this not true?
    They are not available to external request, but they are available to internal request. One of your scripts can include a file above public_html. It cannot be accessed directly from the internet, but it is available for your scripts to use. The domains are hosted on the same account and so they have access to the folders in the account including those above public_html.

    This is actually pretty handy because your different sites can share code. For example, you can use the same database class between multiple addon sites.

    I have been curious as to whether or not each separate reseller account can access other accounts on the same master reseller account. If I have a reseller account with a host using cPanel and I set up two separate accounts for two different people, would they have access to each other's files or would they have separate user IDs? Maybe someone can chime in with an answer to that question of mine.
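
The distinction drawn in the answer above (the document root limits what is served by URL, while ownership and mode bits decide what a script can include), as an added example that is not code from the thread. The directory layout is constructed to mirror the first post, and the names `can_read` and `demo` and the second account's UID are hypothetical.

```python
import os
import tempfile

def _allowed(st, uid, gids, want):
    """Unix mode check: owner bits if uid owns it, else group, else other."""
    if uid == 0:
        return True  # root is not limited by r/x mode bits on reads
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def can_read(path, uid, gids, start="/"):
    """True if a process running as uid/gids can open `path` for reading.

    Each directory below `start` must grant search (x) and the file must
    grant read (r). The document root is not consulted: it only limits what
    the web server maps to URLs, not what a PHP include may open.
    ACLs, SELinux and PHP's open_basedir are not modelled here.
    """
    path, start = os.path.realpath(path), os.path.realpath(start)
    parts = os.path.relpath(path, start).split(os.sep)
    current = start
    for part in parts[:-1]:
        current = os.path.join(current, part)
        if not _allowed(os.stat(current), uid, gids, 0o1):
            return False
    return _allowed(os.stat(path), uid, gids, 0o4)

def demo():
    """Constructed layout: config.php sits above public_html, as in post #1."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "example_com_user_name")
        cfg_dir = os.path.join(home, "directory")
        os.makedirs(cfg_dir)
        os.makedirs(os.path.join(home, "public_html"))
        cfg = os.path.join(cfg_dir, "config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed sample\n")
        owner = os.stat(cfg).st_uid
        other = owner + 1  # hypothetical second hosting account
        os.chmod(home, 0o711); os.chmod(cfg_dir, 0o755); os.chmod(cfg, 0o644)
        results = {"same_account": can_read(cfg, owner, set(), root),
                   "other_account_loose": can_read(cfg, other, set(), root)}
        os.chmod(home, 0o750)  # drop search permission for "other"
        results["other_account_locked"] = can_read(cfg, other, set(), root)
        return results

if __name__ == "__main__":
    print(demo())
```

Run against real paths, `can_read("/home/<user>/directory/config.php", uid, gids)` shows whether the UID that PHP runs under for another site can reach the file.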

  5. #5
    K. Wolfe
    Quote Originally Posted by cheesedude
    I have been curious as to whether or not each separate reseller account can access other accounts on the same master reseller account.
    Sorry, this is what I was referring to when stating you should set your document root for each user, if you do not want it to behave this way.

