I'm programing a host manager for my site using the PHP library. I was testing the library playing around with the functions and a few things came up that concerned me.
- The "listpkgs" function not only lists my packages but everyone elses packages too.
- Why doesn't the PHP library have the same functionality as the Perl library does? There are a few functions missing.
I don't need to see what other resellers are doing on my server. The fact that I can see them means that they can see me too. I don't want the other users/resellers to see what I'm doing and I really don't care as to what they're doing. Not to mention that this is extra data to deal with. I can determine the number of individuals on the server Im on and their usernames just by asking for this information through the library. This should be information that the host really doesn't want me to see. I think this is a vulnerability that needs to be addressed.