
Re: Solutions for securing PHP at all



Don't forget to set up php_admin_value open_basedir /some/path/for/your/users

This is very important if all your users use the same Apache UID/GID. If you don't set that up, then a user will be able to write in another user's folder using a (very simple) PHP script.

Hagen Kuehnel wrote:

You can set the Envelope-From in the vHost-Directive with sendmail_path
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -fwww-data@example.com'

Thanks a lot for that nice mail() tip. Do you think it's compatible with Postfix and/or Qmail? If yes, I'm going to do it ASAP in my control panel and push it to CVS. If not

Thomas
--
http://www.gplhost.com
GPLHost:>_ Open source hosting worldwide
Webspaces featuring GPL control panel

Maykel Moya wrote:

Following Frédéric's mail. What do you suggest for securing PHP sites?
I'd been using 'safe_mode = On' and /tmp with noexec,nosuid but would
like to hear other experiences.

Regards,
maykel
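
Added example, not part of the original message or of any project mentioned in it: a small audit of Apache vhost configuration for the per-user open_basedir setup recommended above. It flags vhosts where open_basedir is missing, where it is set with php_value (which .htaccess can override, unlike php_admin_value), or where one vhost's path covers another's. The hostnames, paths and function names are assumptions made for illustration, and open_basedir paths are assumed to be absolute.

```python
import posixpath
import re

# Constructed sample vhost configuration; hostnames and paths are made up.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName alice.example.com
    php_admin_value open_basedir /home/alice/www:/tmp/alice
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example.com
    php_value open_basedir /home/bob/www
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName dave.example.com
    php_admin_value open_basedir /home
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.I | re.S)
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)
BASEDIR = re.compile(r"^\s*(php_admin_value|php_value)\s+open_basedir\s+(\S+)", re.I | re.M)

def parse_vhosts(conf):
    """Return (name, directive or None, [paths]) for each <VirtualHost> block."""
    out = []
    for body in VHOST.findall(conf):
        name = NAME.search(body)
        m = BASEDIR.search(body)
        paths = [posixpath.normpath(p) for p in m.group(2).strip("'\"").split(":")] if m else []
        out.append((name.group(1) if name else "?", m.group(1).lower() if m else None, paths))
    return out

def audit(conf):
    """Return (vhost, finding) pairs: missing, overridable or overlapping open_basedir."""
    vhosts, findings = parse_vhosts(conf), []
    for name, directive, paths in vhosts:
        if directive is None:
            findings.append((name, "open_basedir not set"))
        elif directive == "php_value":
            findings.append((name, "set with php_value, not php_admin_value"))
        for other, _, other_paths in vhosts:  # a path that is an ancestor of another vhost's path
            findings += [(name, f"{a} covers {b} of {other}") for a in paths for b in other_paths
                         if other != name and posixpath.commonpath([a, b]) == a]
    return findings

print(*audit(SAMPLE_CONF), sep="\n")
```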
