Mobile app version of vmapp.org
Login or Join
Martha676

: With PHP: How to restrict access from one Addon domain to another? With some hostings (000webhost, ovh, active24 and several other hosting, which DOESNT USE cPanel), when you add a new domain,

@Martha676

Posted in: #AddOnDomain #Cpanel #Php

With some hostings (000webhost, ovh, active24 and several other hosting, which DOESNT USE cPanel), when you add a new domain, an entirely separate public_html is created and a separate FTP login.

But with cPanel, all "addon domains" are created under the same account and public_html folder. So, with PHP programming, from addon domain "account" I can easily access any other domains' FTP folders.

Is there a way to restrict PHP from accessing higher directories? (This thread states there is no solution inside cPanel.)

Some people say that open_basedir and safe_mode (inside php.ini and http.conf) is a solution, but that can be overridden too by hacker.
So, the only solution seems to me, is MULTI-Account hosting (like the list I've given above) or reseller hosting, with different cPanel accounts.

Are there any other solutions?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Martha676

1 Comments

Sorted by latest first Latest Oldest Best

 

@Jamie184

You can't restrict developer/PHP access to other filesystem areas within the same hosting account where cPanel Addon domains are pointing.

This is not what Addon domains are designed for. In fact, it is a "feature" that you can access all areas.

Like you say, Addon domains essentially allow you to host different domains under one hosting account and serve different content - all controlled by the same user. If you need to restrict access to the different domains (at the developer/PHP level) then you should be looking at different hosting accounts (ie. different virtual hosts).

Some developers do try to host entirely separate sites (for different clients) using Addon domains off a single hosting account. It's "cheap". However, as soon as the client requires direct access to the account, you have problems. Also, if your site gets hacked you can find that all your sites are hacked! Resources are generally limited per hosting account, so you might not have enough "umph" to power many different sites in this way.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme