Making PHP safe for (and from) kids

Can anyone recommend a book or a site that really delves into controlling security with Apache and/or PHP?

I'm teaching programming to some junior high school students and some of them are pushing to do server side coding. I'd like to provide the workspace for them to do this on my hosted site but obviously I need to limit students to file operations within their own folders.

On the other hand I have scripts running that I don't want to restrict. They're written by me so they're highly trusted and infallible (yuk-yuk).

I'm basically looking to learn about how to implement highly granular and specific security restrictions and would love to hear about any documentation that focuses on this. I think PHP's open_basedir setting, using cgiwrap and settings for Apache might hold some promise, but I'd really like to understand the whole area a lot better before working on a solution.

BTW, I do have access to the httpd.conf and php.ini files for my domain.

Thanks in advance,
jam

Here is a guide to htaccess. http://www.wsabstract.com/howto/htaccess.shtml You can use this to secure a directory. There are some scripts here and on hotscripts.com that allow you to manage your htaccess files. This is an option, may not be the best, but it is a start.

Sorry to take this off the topic you asked about, but why not just grab an old box and install apache and php on it? Seems like it would be much easier to do that. Then, you aren't even worried about the students mucking the box up, just reload it if it gets out of hand...

Thanks for the reading material, I'll check that out.

Setting up a dedicated machine is an option to consider but I'd prefer it if I could do it on my hosted site. That way they can work on their projects while out of class and I don't really have the resources to put a dedicated machine on the net. But if I run into a real dead end I'll keep that in mind. Well, Summer's almost here and I'll have some time to think about it.

Thanks!
jam