Re: Solutions for securing PHP at all
Don't forget to setup php_admin_value open_basedir /some/path/for/your/users
This is very important if all your users uses the same apache UID/GID.
If you don't set that up, then a user will be able to write in another
user's folder using a (very simple) php script.
Hagen Kuehnel wrote:
You can set the Envelope-From in the vHost-Directive with sendmail_path
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -firstname.lastname@example.org
Thanks a lot for that nice mail() tip. Do you think it's compatible with
Postfix and/or Qmail? If yes, I'm going to do it asap in my control
panel and push it to CVS. If not
GPLHost:>_ Open source hosting worldwide
Webspaces featuring GPL control panel
Maykel Moya wrote:
Following Frédéric's mail. What do you suggest for securing PHP sites.
I'd been using 'safe_mode = On' and /tmp with noexec,nosuid but would
like to hear another experiences.