Page 1 of 1

I can see other folders through SFTP! Is this bad security?

Posted: Fri Sep 09, 2011 8:09 am
by Edge100x
Your webserver user has access to other shared directories on the system because it must in order for your applications and SFTP/SSH access to function properly. Most of these are system directories, but as part of this, you can also see the names of some other customer directories. This is normal and not a security problem, as by default you have no access to the actual contents of other users' directories, and other customers have no access to yours. You also have restricted access to system files and resources, with the inability to write to them and the inability to read sensitive files.