On Tue, Jun 15, 2004 at 11:20:35AM +0200, Jeroen van Wolffelaar wrote: > On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote: > > On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: > > > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: > > > > > > Does PHP allow executing arbitary binaries? > > > > > > > [snip] > > > > > > Yes, unless in your php.ini you have something along the lines of: > > > disable_functions = system,passthru,shell_exec,popen,proc_open > > > > Can somebody point me to some documentation about securing PHP? > > http://php.net/security, a better solution to the above mentioned > problem is 'safe_mode', which is intended to block all dangerous file > access, executing, etc. > See also: http://www.pookey.co.uk/php-security.xml http://www.pookey.co.uk/php-suphp.xml Regards, David. -- .''`. David Ramsden <david@hexstream.eu.org> : :' : http://david.hexstream.eu.org/ `. `'` PGP key ID: 507B379B on wwwkeys.pgp.net `- Debian - when you have better things to do than to fix a system.
Attachment:
pgpDLyj9HV8Ie.pgp
Description: PGP signature