Virtualhost/PHP website security

I want to host some friends websites on my server.

They will use php and commands like session_start etc. So it is important that the variables from all domains(users) don’t get mixed with each other.

It seems to work if the vhosts are set up with domains. Everything seems to be protected between domains from what I’ve noticed so far (Please let me know if you know of anything I should consider)

The problem is that some of my friends won’t use a domain so I thought I could set up the vhost with port instead for those users. But from what I’ve noticed the session variables are not protected between ports so I thought I could solve it by specifying:

php_value session.save_path “c:/b”

It seems to work with separating the session files between the ports but maybe there is something else that could risk the security?

Appreciate if I can get some feedback on this.

I would tell your friends they need a domain. You’re hosting for free but you’re not a charity so there is no point for you jumping through these hoops for them.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.