Thread: Security issue
5th November 2008, 11:18
till

I totally agree with ben. In my opinion safemode is still a very good option in the current PHP versions. For example, if you use just the open_basedir restriction, you can still do things like:

passthru('cat /etc/passwd');

to get a copy of the passwd file in the browser. OK, you may now disable functions like exec, passthru etc., and if you have finished that, you end up with a configuration that is very similar to what safemode offers in one option.

So the recommendation is to enable safemode whenever it's possible. In case it is not possible, you should at least set individual settings like open_basedir and disable unneeded functions via php_admin_flag and php_admin_value in the Apache directives field in the website.
Till Brehm
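The two setups contrasted in the post above, written out as Apache virtual host directives for mod_php. This is an added example, not part of the original post and not ISPConfig's generated configuration. Host names and paths are placeholders, and safe_mode exists only in PHP versions of that era (it was removed in PHP 5.4).

```apache
# Constructed example: host names and paths are placeholders.

# --- Weak: open_basedir only ---------------------------------------------
<VirtualHost *:80>
    ServerName weak.example.test
    DocumentRoot /var/www/weak.example.test/web

    # open_basedir restricts PHP's own file functions (fopen, include, ...).
    # It does not apply to child processes, so passthru('cat /etc/passwd')
    # still prints the file: the shell that runs "cat" is not bound by it.
    php_admin_value open_basedir /var/www/weak.example.test/web:/tmp
</VirtualHost>

# --- Tighter: safe_mode plus open_basedir --------------------------------
<VirtualHost *:80>
    ServerName site.example.test
    DocumentRoot /var/www/site.example.test/web

    # php_admin_* settings cannot be overridden from .htaccess or ini_set().
    php_admin_flag  safe_mode On
    php_admin_value open_basedir /var/www/site.example.test/web:/tmp

    # Under safe_mode, exec()/passthru()/system() may only run binaries
    # located in this directory. Keep it empty or limited to vetted tools,
    # and outside the document root.
    php_admin_value safe_mode_exec_dir /var/www/site.example.test/bin

    # Where uploads land; inside open_basedir so PHP can still move them.
    php_admin_value upload_tmp_dir /tmp
</VirtualHost>

# --- When safe_mode cannot be used ---------------------------------------
# Keep open_basedir per site as above and remove the command-execution
# functions. PHP's manual states that disable_functions must be set in
# php.ini, so the line belongs in the server-wide php.ini:
#
#   disable_functions = exec,passthru,shell_exec,system,proc_open,popen
#
# Extend the list to match what the hosted sites do not need.
```

After reloading Apache, the effective values for a site can be read from the Local Value column of a phpinfo() page served by that virtual host.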