
Sensitive Data in Globally Readable File Vulnerability

On shared hosts, or on systems where another account has been compromised, private information such as database passwords and other sensitive data stored in globally readable files may be read by any other user on the system.

Exploits

Commonly, web servers run as a particular “user” on a system. Usually this one “user” process (the web server) has access to every globally-readable file on the file system. It is trivial to craft PHP (or any other server-side language) to read arbitrary files on the file system. Coupled with the fact that most shared hosting environments use identical user configurations, any user who knows how his own account or file-system space is laid out is likely to know every other user’s general layout too, and thus may know exactly where to read sensitive information.

Remedy

  • Strict web server adherence to user separation and security policies.
  • PHP safe mode and other security tactics.
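The remedies above describe the policy side; the operational check on the account owner's side is to find which files under a web tree are readable by “other” and strip that bit. The script below is an added example, not part of the original page, and it assumes nothing beyond POSIX find/chmod; the web root it builds under a temporary directory, and the config.php contents in it, are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original wiki page): audit a web tree for
# world-readable files and tighten them so only owner and group can read.
# The demo web root and its file contents are constructed for this example.

# find_world_readable DIR
# Lists every regular file under DIR whose mode grants read to "other"
# (octal bit 004), i.e. readable by any account on a shared host.
find_world_readable() {
    find "$1" -type f -perm -004 -print | sort
}

# count_world_readable DIR
# Prints the number of world-readable regular files under DIR.
count_world_readable() {
    find "$1" -type f -perm -004 | wc -l | tr -d ' '
}

# tighten_perms DIR
# Removes all "other" bits from world-readable regular files under DIR.
# Owner and group permissions are left as they are, so a web server that
# runs as the owner (suEXEC/suPHP style) or shares the owner's group keeps access.
tighten_perms() {
    find "$1" -type f -perm -004 -exec chmod o-rwx {} +
}

# demo: build a constructed web root, audit it, fix it, audit again.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/inc"
    # Constructed sample config; the password is a placeholder, not real.
    printf '<?php $db_pass = "PLACEHOLDER-PASSWORD";\n' > "$root/inc/config.php"
    printf '<?php echo "hello";\n' > "$root/index.php"
    # 644 is the usual default on shared hosts: world-readable.
    chmod 644 "$root/inc/config.php" "$root/index.php"

    echo "World-readable before:"
    find_world_readable "$root"
    tighten_perms "$root"
    echo "World-readable after (expect none):"
    find_world_readable "$root"
    rm -rf "$root"
}

# Run the demo only when executed directly, not when sourced for reuse.
case "$0" in
    *sh) ;;
    *) demo ;;
esac
```

Stripping the “other” bits only helps when the code that must read the file runs as the file's owner or a member of its group; on hosts where every site's PHP runs as one shared web-server account, the file has to stay readable by that account, which is exactly why the first remedy (per-user separation enforced by the server) is the fix that actually closes the hole.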

Additional Information

 
security/risk/sensitive_data_in_globally_readable_file.txt · Last modified: 2006/12/09 17:15