I am normally responsible for all scripting on web-sites running on my server, but some of my clients have other people working on (parts...) of their sites.
When I give access, they can use php, so I regularly check if they seem to be knowing what they are doing, blocking people when they are:
- using mail() without proper input filtering (very common here in Peru...)
- trying to include stuff they really shouldn´t
- trying to use exec()
Are there any other functions that are potentially dangerous?
With dangerous I mean dangerous in all ways, from getting banned by search-engines and making spam-blacklists to compromising the security of the server.
Please note that I am not talking about people who want to do harm, but people who do not fully understand php.
By the way, I do not give them access to databases like mysql.