File System security (PHP)

0 投票
最新提问 用户: (120 分)

Basically i want to discuss about file-system security,and yes i tried to search for a solution but no satisfied result.

Let me explain in details.

I have GoDaddy hosting. There are two sites installed. One on root and one is in a sub-folder. Lets say site1 and site2. Both are built with wordpress. I need to do some changes in site2 and i do work in team so i created a FTP account for site2 and shared with team and asked them to use it so they can't do have any change in site1. but one of developer have download wp-config file of site1 and delete the database. i was wondering how can my database automatically delete(as i wasn't aware of that). After days of research i find out how he deleted the database.

He created a php file on site2's root and copy the site1's wp-config file into site2 using dirname(getcwd()) and then using that file ,he deleted the database cause wp-config file always have database details.

Now i am wondering how can i give access of my site2 to the developers securely so they can't access site1.

Directory structure.

  • wp-config.php
  • wp-content
  • wp-admin

  • site2

    • wp-config.php
    • wp-content
    • wp-admin
    • so on ....
  • another file and so on....
发表于 用户: (100 分)
Create different FTP users and set different user roles for directories.
发表于 用户: (120 分)
How can i that? i mean how can i set rules and what will be the rules. as i didn't created FTP for root path. I created FTP for only sub-folder.
发表于 用户: (100 分)
I'm not familiar with GoDaddy hosting and how they let to create rules, but on Linux machine there is pretty simple explained how to do that: cyberciti.biz/faq/howto-linux-add-user-to-group but in hosting you won't have command line so you should contact GoDaddy support or read docs if they allow multiple user roles
发表于 用户: (120 分)
I also know that for linux. but not goDaddy

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...