[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Securing php: ezpublish

I'm setting up some CMS software I found at ez.no. There's a Debian package, but it's old and non-trivial to set up, so I've downloaded the tarball from ez.no.

The instructions say to configure php with safe_mode off. That doesn't excite me very much: I know little about PHP, but it sounds to me like "on" is better than "off."

OTOH, "on" does cause problems. I want users to be able to upload stuff, and that means that PHP needs to write somewhere.

However, PHP, with safe_mode on, wants the directories PHP scripts read/write have the same ownership as the scripts. atm the scripts are owned by root and that's fine by me.

What do the experts do? Esp those who use ezpublish.

I've taken the liberty of bccing the maintainer, hoping Jonas will add his wisdom to the list and not be too offended.



-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

Reply to: