 |  |  |  |  |  |  |  |
PHP safe_mode & effects of turning it off...
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Aug 2003
Posts: 82
Reputation: 
Solved Threads: 0
Junior Poster in Training
My question/issue is that I want to turn off PHP safe_mode on a new server... The server is running Ensim 3.5 Pro, and this is the 3rd ensim server I have from ev1servers.com...
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
to
Can anyone think of any reasons this would EVER be an issue on a server that no one accessed, or ran scripts on other than myself/my partners???
I'm sure this could cause some debate, but I want opinions!!!!
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
PHP Syntax (Toggle Plain Text)
PHP Syntax (Toggle Plain Text)
I'm sure this could cause some debate, but I want opinions!!!!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
Unless your site is going to be public, I dont see any problem with it.
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
.:From A Far:.
•
•
Join Date: Aug 2003
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
I've tried running a script sort of like the one you have posted, NEO, and I haven't been able to make it work...
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
|
Similar Threads
- Host Matrix - Free Php Hosting & Webmaster Resources. (Web Hosting Deals)
- Redirected to "http://search-to-find.com/sec.php?qq=car&pin=37049" (Viruses, Spyware and other Nasties)
- PHP 5 fast&easy web development (PHP)
Other Threads in the PHP Forum
- Previous Thread: Getting info from an XML file
- Next Thread: php5, mysql and IIS
Views: 10021 | Replies: 3
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array beginner binary broken cakephp checkbox class cms code cron curl database date directory display download duplicates dynamic echo email error execution file files folder form forms function functions google href htaccess html htmlspecialchars image include insert integration ip java javascript joomla jquery limit link login loop mail menu methods mlm mod_rewrite multiple mysql oop parse paypal pdf php phpvotingscript problem query radio random recursion regex remote script search select server session sessions sms soap source space speed sql structure syntax system table tutorial update updates upload url validation validator variable video web xml youtube
