Serious security threat in shared servers?

I have several accounts on a shared server running cPanel. Since all the scripts run as 'nobody', I was told that in order to make a file writable by a script (and I do have several files that have to be modified by scripts) I have to change its permissions so that it can be read by anyone (777).

Today I did a small experiment: I wrote a script that echoes the contents of any file given its path. I uploaded it to the server and used one account to read files from another. It worked without a problem.

So it seems that if you have an account on such a shared server you can easily read other users' files if you know where they are. If the other user uses some standard script -- some message board, for instance -- you can easily find out where the password to their database is, read it, and have free access to their database.

Are shared servers not running in safe mode really so insecure, or is there a way to protect others from accessing your files if you need them to be readable/writable to your own scripts?
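Added example, not part of the original post: a Python audit an account owner can run over their own directory tree to list every file and directory whose permission bits grant access to "other" users, which is the exposure the post describes for files set to 777. The function names, sample file names and modes are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return {relative_path: [findings]} for entries that grant access to 'other'."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what is enforced
            issues = []
            if st.st_mode & stat.S_IROTH:
                # On a directory this bit lets other users list the names inside it.
                issues.append("world-readable")
            if st.st_mode & stat.S_IWOTH:
                issues.append("world-writable")
            if issues:
                findings[os.path.relpath(path, root)] = issues
    return findings

def build_sample_tree(root):
    """Create a constructed sample layout; names and modes are made up."""
    sample = {
        "forum/config.php": 0o777,   # the setting the post was told to use
        "forum/index.php": 0o644,
        "private/notes.txt": 0o600,
    }
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "forum"), 0o755)
    os.chmod(os.path.join(root, "private"), 0o700)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, issues in sorted(audit_tree(tmp).items()):
            print(f"{rel}: {', '.join(issues)}")
```

Pointing `audit_tree` at an account's home directory instead of the temporary sample tree reports the same findings for real files.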
