#16: Restricting the Files that PHP Can Access

If you're worried about a malicious PHP script accessing system files (such as your password file), you can limit the directories that PHP has access to with the open_basedir setting. When open_basedir is enabled, PHP cannot open or otherwise manipulate any files outside of the defined directories. Here's a php.ini example that limits access to /home/www:

open_basedir = /home/www

You can add access to multiple directories by separating them with a colon (:) for Unix or a semicolon (;) in Windows.
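To confirm the restriction is in effect, the following script (an added example, not code from the book) applies a two-directory open_basedir at runtime and checks what can still be read. The directory names are constructed for the demo; it assumes you run it from the command line as a saved file and that php.ini does not already set a stricter open_basedir.

```php
<?php
// Added example: confirm that open_basedir blocks file access outside the allowed list.
// Directory names are constructed for this demo.
$tmp     = realpath(sys_get_temp_dir());
$www     = $tmp . DIRECTORY_SEPARATOR . 'obd_www_' . getmypid();
$uploads = $tmp . DIRECTORY_SEPARATOR . 'obd_uploads_' . getmypid();

foreach ([$www, $uploads] as $dir) {
    mkdir($dir, 0700);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'data.txt', "sample\n");
}

// Runtime equivalent of listing two directories in php.ini;
// PATH_SEPARATOR is ":" on Unix and ";" on Windows.
$setting = $www . PATH_SEPARATOR . $uploads;
if (ini_set('open_basedir', $setting) === false) {
    fwrite(STDERR, "Could not set open_basedir (a stricter value may already apply)\n");
    exit(1);
}

// Returns true if PHP could read the file, false if the read was refused.
function can_read(string $path): bool
{
    // @ hides the "open_basedir restriction in effect" warning for blocked paths.
    return @file_get_contents($path) !== false;
}

$checks = [
    'file in first allowed directory'  => [$www . DIRECTORY_SEPARATOR . 'data.txt', true],
    'file in second allowed directory' => [$uploads . DIRECTORY_SEPARATOR . 'data.txt', true],
    'this script (outside both)'       => [__FILE__, false],
];

$failures = 0;
foreach ($checks as $label => [$path, $expected]) {
    $actual = can_read($path);
    $ok = ($actual === $expected);
    $failures += $ok ? 0 : 1;
    printf("%-34s %-8s %s\n", $label, $actual ? 'readable' : 'blocked', $ok ? 'OK' : 'UNEXPECTED');
}

// Cleanup still works because both directories are inside open_basedir.
foreach ([$www, $uploads] as $dir) {
    unlink($dir . DIRECTORY_SEPARATOR . 'data.txt');
    rmdir($dir);
}
exit($failures === 0 ? 0 : 1);
```

A non-zero exit status means either the setting could not be applied or a path behaved differently than expected.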

Note

By default, PHP will allow access to the specified directory and all subdirectories below. If you'd like to limit this to only the files in the specified directory, add a slash to the end of the path; for ...
