25 Oct
2005
25 Oct
'05
2:57 p.m.
On Tue, 25 Oct 2005, Steve Dondley wrote:
On a multi-site set up, it's a trivial matter for someone to create a node with some PHP code that takes a peak at another site's settings.php file. Example:
<?php
$file = file ( 'sites/example.com/settings.php' );
foreach ($file as $key => $line) { print $line; print "<br />"; }
?>
What's the best practice for eliminating this problem?
What I do is to run each user's php process as fast-cgi and only link their sites subdirectory form the main installation. Cheers, Gerhard