[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing PHP (was: Kernel Crash Bug????)



On Tue, Jun 15, 2004 at 11:20:35AM +0200, Jeroen van Wolffelaar wrote:
> On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote:
> > On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote:
> > > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote:
> > 
> > > > Does PHP allow executing arbitary binaries?
> > > > 
> > > [snip]
> > > 
> > > Yes, unless in your php.ini you have something along the lines of:
> > > disable_functions = system,passthru,shell_exec,popen,proc_open
> > 
> > Can somebody point me to some documentation about securing PHP?
> 
> http://php.net/security, a better solution to the above mentioned
> problem is 'safe_mode', which is intended to block all dangerous file
> access, executing, etc.
> 

See also:
 http://www.pookey.co.uk/php-security.xml
 http://www.pookey.co.uk/php-suphp.xml

Regards,
David.
-- 
 .''`.     David Ramsden <david@hexstream.eu.org>
: :'  :    http://david.hexstream.eu.org/
`. `'`     PGP key ID: 507B379B on wwwkeys.pgp.net
  `-  Debian - when you have better things to do than to fix a system.

Attachment: pgpcvjrFE58on.pgp
Description: PGP signature


Reply to: