Thread: Security issue
till, 5th November 2008, 10:18

I totally agree with ben. In my opinion safemode is still a very good option in the current PHP versions. For example, if you use just the open_basedir restriction, you can still do things like:

passthru('cat /etc/passwd');

to get a copy of the passwd file in the browser. OK, you may now disable functions like exec, passthru etc., and when you have finished that you end up with a configuration that is very similar to what safemode offers in one option.

So the recommendation is to enable safemode whenever it's possible. In case it is not possible, you should at least set individual settings like open_basedir and disable unneeded functions via php_admin_flag and php_admin_value in the Apache directives field in the website.
__________________
Till Brehm
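
Added example (not part of till's post): a small PHP audit script for the two settings the post discusses, open_basedir and disable_functions, reporting which command-execution functions remain callable. The function list beyond exec and passthru and the sample open_basedir path are assumptions made for illustration.

```php
<?php
// Command-execution functions to check. The post names exec and passthru;
// the rest of this list is an assumption for illustration.
const EXEC_FUNCTIONS = ['exec', 'passthru', 'system', 'shell_exec', 'popen', 'proc_open'];

/**
 * Report weaknesses in a pair of PHP settings.
 *
 * @param string $openBasedir      value of open_basedir
 * @param string $disableFunctions value of disable_functions (comma-separated)
 * @return string[] one line per finding, empty when nothing was found
 */
function audit_settings(string $openBasedir, string $disableFunctions): array
{
    $findings = [];

    if (trim($openBasedir) === '') {
        $findings[] = 'open_basedir is not set: PHP file functions are not '
            . 'confined to the site directory';
    }

    // Normalise the comma-separated list before comparing names.
    $disabled = array_filter(array_map('trim', explode(',', strtolower($disableFunctions))));
    $stillEnabled = array_diff(EXEC_FUNCTIONS, $disabled);
    if ($stillEnabled) {
        $findings[] = 'command execution still possible via: '
            . implode(', ', $stillEnabled)
            . ' (open_basedir does not restrict external programs)';
    }

    return $findings;
}

// Constructed sample: the "open_basedir only" configuration from the post.
$sample = audit_settings('/var/www/example/web:/tmp', '');

// Live check of the PHP runtime this script is executed by.
$live = audit_settings(
    (string) ini_get('open_basedir'),
    (string) ini_get('disable_functions')
);

foreach (['constructed sample' => $sample, 'this runtime' => $live] as $label => $findings) {
    echo "== $label ==\n";
    echo $findings ? implode("\n", $findings) . "\n" : "no findings\n";
}
```

Request the script through the website itself rather than the command line, since the CLI usually loads a different php.ini and does not see per-site Apache directives.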