PHP fopen() security issue

[skunkbad]

One of the websites that I maintain is on a server where I can fopen() and fread() anything on the server. There are a few hundred websites on there, and I don't believe I should have access to go into them, but I wanted to test so that I could improve my own security. "fopening" these files reveals ALL code, even preprocessed php code / asp code. Is there a way that I can protect the site I am working on from other people "fopening"? Server is a windows server with IIS. I can't use .ini files or .htaccess files, so I'm not sure I can do anything without contacting the host... Maybe I just need to change hosts. I don't like being on a windows server, but I inherited the site, and would rather not have to deal with the move.

[flick]

you can't use .htaccess files with iis but you can use .ini files, alternatively you could install apache on the server so you wouldn't have to move hosting, would be alot of work though depending on how many sites you have on the server :)

[skunkbad]

Quote:

Originally Posted by flick

you can't use .htaccess files with iis but you can use .ini files, alternatively you could install apache on the server so you wouldn't have to move hosting, would be alot of work though depending on how many sites you have on the server :)

So what would I put in a php.ini file to stop other people from fopening my files?. This is a shared hosting account, so I don't have the option of installing Apache.