0

i am quite new to the PHP business and thus please forgive me, if the questions sounds stupid to you. (always ask for forgiveness, never for permission ;)

Nevertheless, my theoretical question: I have a php based website, which is located in web root. This Php allows to create another php file, and its saved also in the web root. Later, i can "request" this newly created php and thus the php will be run. That means for my understanding, as a php script can include/access files outside the web root, I have basically full access to the server via this php-programm. Is it right ? I would be shocked if it is true .... so if I am wrong, what is preventing this access ?

Improve this question

1 Answer 1

Reset to default
1

This is going to be based on file permissions. If you're on a hosted server, you have permission to change everything on your area of the server (and you'll have a special identity that gives your permission). You should also be able to send requests just about anywhere (which is including/accessing files outside your area). Chances are your special user does not have permission to write outside your dedicated space on the server. This is pretty standard. I'd look into File Permissions, and how they work on webservers if you're interested in learning more.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Okay, so far clear. But I rather consider a private web server. E.g. on my server is a php script (1) in the web root including another php (2) which is located outside of web root. The php (2) has all the logic about the database access, which i need. I did it this way in order to have all database related infos out of the web..... thus my question concerns rather this case, where the @server can at least read everything. ...
It all depends on what type of access the webserver has that ultimately runs the php script. If script (1) and (2) are both run by the same webserver they will both have the same permissions.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.