Symbolic links and PHP

[singeX]

I want to allow websites on the server to be able to run php scripts on another website hosted on the same server without allowing them to view the code for the actual scripts. After working on it for a little while I realized that it's probably not possible without obfuscating the code.

This is what I've done so far:

SiteA is the website where the actual scripts resides
SiteB is the website we want to access scripts from

Code: Select all

ln -s /var/www/vhosts/SiteA/httpdocs/ScriptDir /var/www/vhosts/SiteB/httpdocs/ScriptDir
chown -R SiteBuser:psacln /var/www/vhosts/SiteB/httpdocs/ScriptDir

Add the following to vhost.conf for SiteB:

Code: Select all

Options +FollowSymLinks
php_admin_value open_basedir "/var/www/vhosts/SiteB/httpdocs:/tmp:/usr/share/pear:/var/www/vhosts/SiteA/httpdocs/ScriptDir"

Reconfigure SiteB:

Code: Select all

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=SiteB

You can now access the php scripts hosted on SiteA by going to the url for SiteB. However...

If you upload a script to SiteB you can view the code in the php scripts on SiteA with a simple:

Code: Select all

<?php readfile('/var/www/vhosts/SiteA/httpdocs/ScriptDir/ScriptName'); ?>

Is there any way to do this without obfuscating the code? I don't trust obfuscation.