Thread: File Manager
View Single Post
  #14  
Old 4th August 2012, 13:29
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,754
Thanks: 840
Thanked 5,603 Times in 4,414 Posts
Default

Quote:
Regarding it being security risk, if implemented correctly, it's no more of a risk than allowing mod_php to run on customer sites.
And thats why mod_php is normally not used on a ispconfig server. ISPConfig provides mod_php support only for legcy reasons and it should not be used on servers that host clients or are connected to the internet. For hosting servers, use php-fcgi in conjunction with suexec as described in the manual. In ISPConfig, each site runs under a different Linux system user, so you wont be able to have write access to the files from a script running under mod_php anyway. Also you should be aware that ispconfig is a multiserver controlpanel were the web and controlpanel server is not nescessarily the same system, so you cant access any files from a script that are on the web server if the controlpanel server is a different system. The only option ro provide a file explorer like functionality is the user of a webFTP client were the customer can login with its FTP username and password.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote