 |  |  |  |  |  |  |  |
PHP safe_mode & effects of turning it off...
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Aug 2003
Posts: 82
Reputation: 
Solved Threads: 0
Junior Poster in Training
My question/issue is that I want to turn off PHP safe_mode on a new server... The server is running Ensim 3.5 Pro, and this is the 3rd ensim server I have from ev1servers.com...
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
to
Can anyone think of any reasons this would EVER be an issue on a server that no one accessed, or ran scripts on other than myself/my partners???
I'm sure this could cause some debate, but I want opinions!!!!
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
PHP Syntax (Toggle Plain Text)
PHP Syntax (Toggle Plain Text)
I'm sure this could cause some debate, but I want opinions!!!!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
Unless your site is going to be public, I dont see any problem with it.
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
.:From A Far:.
•
•
Join Date: Aug 2003
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
I've tried running a script sort of like the one you have posted, NEO, and I haven't been able to make it work...
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
|
Similar Threads
- Host Matrix - Free Php Hosting & Webmaster Resources. (Web Hosting Deals)
- Redirected to "http://search-to-find.com/sec.php?qq=car&pin=37049" (Viruses, Spyware and other Nasties)
- PHP 5 fast&easy web development (PHP)
Other Threads in the PHP Forum
- Previous Thread: Getting info from an XML file
- Next Thread: php5, mysql and IIS
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
apache api array basic beginner binary broken cakephp checkbox class cms code computing confirm cron curl customizableitems database date delete display dynamic echo email error external file files filter folder form forms forum function functions gc_maxlifetime google headmethod host href htaccess html iframe image include insert ip javascript joomla limit link login mail malfunction memmory memory menu mlm multiple mysql navigation neutrality oop parsing paypal pdf php problem query question radio random recursion remote root script search server sessions sms snippet soap source space sql syntax system table thesishelp trouble tutorial update upload url validator variable video web xml youtube
