Could someone please advice me whether turning safe mode off is a mayor security risk? If it is, is there ways in which you can minimise these risks?
Cheers for any advice or links
Mark
PHP safe mode, how safe is it really?
Moderator: SG Admins
-
PeteTheHair
- LAN Admin-Monkey
- Posts: 259
- Joined: Sun Oct 27, 2002 5:03 pm
- Location: Basingstoke
- Contact:
From very brief research (and I've been to the pub 
), it seems PHP safe mode makes no difference if your only running your scripts on your server. It imposes a set of restrictions on the files you can open, system commands you can run, and the environment variables that you can set.
If you're running a server that other people (that you don't trust) will be running scripts on, in an ISP kind of way, it'd be worth looking into more closely (as would all the PHP security chapter... don't run what you don't understand). However, for my home Apache install, I'm happy to leave this off.
The full details are at http://php3.de/manual/en/features.safe- ... .safe-mode for those that are interested...
Apologies if that didn't make a lot of sense
), it seems PHP safe mode makes no difference if your only running your scripts on your server. It imposes a set of restrictions on the files you can open, system commands you can run, and the environment variables that you can set. If you're running a server that other people (that you don't trust) will be running scripts on, in an ISP kind of way, it'd be worth looking into more closely (as would all the PHP security chapter... don't run what you don't understand). However, for my home Apache install, I'm happy to leave this off.
The full details are at http://php3.de/manual/en/features.safe- ... .safe-mode for those that are interested...
Apologies if that didn't make a lot of sense
Pete
"If at first you don't succeed, call it Version 1"
"If at first you don't succeed, call it Version 1"