View Single Post
  #6  
Old 16th September 2008, 17:58
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,403
Thanks: 834
Thanked 5,494 Times in 4,325 Posts
Default

Quote:
in this case is a security risk to ?.....
Yes. This does not depend on the controlpanel. If OpenBasedir is off, a PHP script may access the whole server. For example:

$lines = file('/etc/passwd');
print_r($lines);

would output you a list of all users that are on the server, if openbasedir is not enabled as the passwd file is world readable.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote