 |  |  |  |  |  |  |  |
PHP safe_mode & effects of turning it off...
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Aug 2003
Posts: 82
Reputation: 
Solved Threads: 0
Junior Poster in Training
My question/issue is that I want to turn off PHP safe_mode on a new server... The server is running Ensim 3.5 Pro, and this is the 3rd ensim server I have from ev1servers.com...
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
to
Can anyone think of any reasons this would EVER be an issue on a server that no one accessed, or ran scripts on other than myself/my partners???
I'm sure this could cause some debate, but I want opinions!!!!
The server is completely dedicated, and will NEVER host anyones site/sites but my own for a project among 4 partners.
I've turned off safe_mode for an entire server before, but have never really looked into the affects of this, and the potential problems this might cause.
According to http://us3.php.net/features.safe-mode, "The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now. "
To me, this sounds like using PHP safe mode is really only an issue for a Web Server running PHP with more than one user accessing the server, or running scripts on the server.
I know how to turn it off just by changing the httpd.conf from:
PHP Syntax (Toggle Plain Text)
PHP Syntax (Toggle Plain Text)
I'm sure this could cause some debate, but I want opinions!!!!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
Unless your site is going to be public, I dont see any problem with it.
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
If it is open to the public then potential hacks could manipulate scripts on your site.. for example
[script on my site]
<?php
$file = fopen("http://www.yoursite.com/thescript.php","w+");
unlink($file);
fclose($file);
?>
[/script on my site]
Someting like that.. :o
.:From A Far:.
•
•
Join Date: Aug 2003
Posts: 82
Reputation:
Solved Threads: 0
Junior Poster in Training
I've tried running a script sort of like the one you have posted, NEO, and I haven't been able to make it work...
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
I've ran it from several different servers, and pointed it to scripts on servers with safe mode on, and off.
I'd be interested to find a way to make sure it wasn't working, but from all my tests, I couldn't write to a file on any of my servers, and the default file properties only give write access to the owner, so with Apache running as nobody, it makes sense that it wouldn't work...
Any other thoughts/suggestions?!
Professional Web Freelance Community
Professional Denver Web Design & Development
ISP Directory :: GuideFinder.net Consumer Articles
CreditGuy.net Credit Information Guide :: Denver Broncos
|
Similar Threads
- Host Matrix - Free Php Hosting & Webmaster Resources. (Web Hosting Deals)
- Redirected to "http://search-to-find.com/sec.php?qq=car&pin=37049" (Viruses, Spyware and other Nasties)
- PHP 5 fast&easy web development (PHP)
Other Threads in the PHP Forum
- Previous Thread: Getting info from an XML file
- Next Thread: php5, mysql and IIS
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
.htaccess access alexa apache api array beginner binary broken cakephp checkbox class cms code convert cron curl database date directory display dropdown dynamic echo email encode error fairness file files folder form forms function functions google hack href htaccess html htmlspecialchars image include indentedsubcategory insert ip javascript joomla limit link login mail mail() menu methods mlm multiple multipletables mysql network newsletters object oop passwords paypal pdf php problem provider query radio random recursion redirect remote script search secure securephp server sessions simple sms source space sql syntax system table tutorial update upload url user validator variable video voteup web youtube
