Textpattern CMS support forum
#1 2008-08-06 23:15:03
- Ruhh
- Member
- From: dakota dunes
- Registered: 2008-01-20
- Posts: 305
security
Say a person has a shared hosting plan. She/he decides to host people. Would these people have access to the host’s textpattern config file? If that is a possibility, how can the host prevent these people from having access to it?
<txp:Ruhh />
Re: security
Typically, you can create an FTP account that’s restricted to a certain directory, so the user can’t access the host’s files.
Re: security
I’ve done this successfully in the past by giving access via WebDAV so they are only able to upload and browse files within the set WebDAV directory.
#4 2008-08-06 23:37:19
- Ruhh
- Member
- From: dakota dunes
- Registered: 2008-01-20
- Posts: 305
Re: security
@ jm:
How would the host do that? The host had been given an FTP account, the default.
@ graeme:
How is that replying to my question? The host doesn’t want the hostees to have access to the host’s files, especially the config file which contains the password.
Last edited by Ruhh (2008-08-06 23:41:48)
<txp:Ruhh />
Re: security
Ruhh wrote:
How is that replying to my question? The host doesn’t want the hostees to have access to the host’s files, especially the config file which contains the password.
You can specify any directory to be available by WebDAV – just make sure your TXP install isn’t inside that directory.
Re: security
Ruhh wrote:
@ jm:
How would the host do that? The host had been given an FTP account, the default.
In the account backend (cPanel, Plesk, Webmin, etc.), there should be a page for creating new FTP accounts for specific directories.
#7 2008-08-07 00:02:42
- Ruhh
- Member
- From: dakota dunes
- Registered: 2008-01-20
- Posts: 305
Re: security
@ graeme:
Ok.. WebDAV? What is it? Never heard the name. Sorry, I’m lost. o.O
@ jm:
The host needs to create a new FTP account? I understand how the host can create a specific directory for a hostee so that person can do whatever in the folder. However, a malicious hostee can open the host’s script config file by using PHP.
Last edited by Ruhh (2008-08-07 00:03:27)
<txp:Ruhh />
Re: security
Ah, you’re right. If you’re hosting people on a shared host, it’d be best to host only those that you trust. But if you’re hosting anyone, you should purchase a reseller hosting account. The user accounts you create are real OS-users, so they can’t read the host’s files via FTP or PHP.
#9 2008-08-07 00:34:48
- Ruhh
- Member
- From: dakota dunes
- Registered: 2008-01-20
- Posts: 305
Re: security
darn it. i was hoping something better than “you should purchase a reseller.” i can’t afford to get one so instead i got shared. ah php is so evil! well not really. php, ftw!
<txp:Ruhh />
Re: security
Ruhh wrote:
She/he decides to host people. Would these people have access to the host’s textpattern config file? If that is a possibility, how can the host prevent these people from having access to it?
When you say: “to host people”, you mean “to host other people’s websites (including adding the domain)”, or you mean just “other people’s files on an FTP account”?
If you plan to host other people’s websites in your shared hosting account, it will depend on whether your shared hosting plan lets you add more domains (cheapest plans usually allow you to host one domain, nothing else).
If you plan to allow people (ideally, trusted people) to host their files in your account, you may need to create some FTP accounts for them (as jm already pointed out) and restrict the access to some subfolder that doesn’t have your Textpattern (or any other script) files.
Re: security
Hmm… so you get a restricted FTP account, upload a PHP or some CGI script and then use your browser to execute that script and do whatever you want, unless of course file permissions are set properly but then you wouldn’t really need a restricted FTP account.
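The checks discussed in this thread (install outside the shared directory, file permissions, separate OS users), as an added example that is not part of any post above: a POSIX shell audit a host could run before handing a directory to a hostee. The function name `audit_share`, its finding labels and both paths are assumptions made for illustration.

```shell
# Added example: audit a hostee's upload directory against the host's config file.
# audit_share and its finding labels are hypothetical; both paths are caller-supplied.

# Physical (symlink-resolved) path of a directory.
real_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Numeric owner uid of a file or directory.
owner_of() { ls -ldn "$1" | awk '{print $3}'; }

# audit_share CONFIG_FILE SHARE_DIR
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad input.
audit_share() {
    as_cfg=$1; as_share=$2; as_rc=0
    if [ ! -f "$as_cfg" ] || [ ! -d "$as_share" ]; then
        echo "ERROR need an existing config file and share directory"
        return 2
    fi
    as_cfg_dir=$(real_dir "$(dirname "$as_cfg")") || return 2
    as_share_dir=$(real_dir "$as_share") || return 2

    # 1. The install must not sit inside the directory handed to the hostee.
    case "$as_cfg_dir/" in
        "${as_share_dir%/}"/*) echo "INSIDE_SHARE $as_cfg"; as_rc=1 ;;
    esac

    # 2. Read bits for group/other expose the file to accounts besides its owner.
    if [ -n "$(find "$as_cfg" -prune -perm -040)" ]; then
        echo "GROUP_READABLE $as_cfg"; as_rc=1
    fi
    if [ -n "$(find "$as_cfg" -prune -perm -004)" ]; then
        echo "OTHER_READABLE $as_cfg"; as_rc=1
    fi

    # 3. Same owner on both sides: a script that runs as that owner can read
    #    the config whatever its mode, so an FTP jail alone does not isolate it.
    if [ "$(owner_of "$as_cfg")" = "$(owner_of "$as_share")" ]; then
        echo "SAME_OWNER $as_cfg and $as_share"; as_rc=1
    fi
    return "$as_rc"
}

# Run as: sh audit.sh /path/to/textpattern/config.php /path/to/hostee/dir
if [ "$#" -eq 2 ]; then audit_share "$@"; fi
```

A `SAME_OWNER` finding is the situation the thread ends on: on a single shared account it cannot be cleared by `chmod`, only by giving hostees their own OS users.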