Sorry your browser is not supported!

Due to the nature of a project I've been working on, I need my web server to access files outside of the document root. I did so by creating a hard link because I need the directory to be searchable using scandir(). Using an Apache alias made the files accessible but I couldn't retrieve a directory listing of the files. (in other words, I had to know the file name of what I was accessing). Eventually, I stumbled upon symlink.

This however poses a possible security concern to me. Since I can delete files programmatically from php now, I feel if my server was to be compromised then an attacker could potentially delete all those files outside the server's root as well. Is there a way to restrict access to read only? I could change the folder permissions but then wouldn't that prevent everything from being able to write? Is there a way to create a separate php user to use on the server so I can set specific permissions to the file system without having to affect the admin?

Hope that made sense to someone.

Yeah, pretty much. Ive been there lol.
You know that giant on/off switch for the PHP my-admin that you control wich comments somewhere near the top of the your httpd.com


I just keep the ON part commented out unless i need to access the database. I mean you could make a script to turn it on and off somehow, i just dont know how.