[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing PHP (was: Kernel Crash Bug????)

On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote:
> On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote:
> > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote:
> 
> > > Does PHP allow executing arbitary binaries?
> > > 
> > [snip]
> > 
> > Yes, unless in your php.ini you have something along the lines of:
> > disable_functions = system,passthru,shell_exec,popen,proc_open
> 
> Can somebody point me to some documentation about securing PHP?

http://php.net/security, a better solution to the above mentioned
problem is 'safe_mode', which is intended to block all dangerous file
access, executing, etc.

--Jeroen

-- 
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Reply to: