Securing php: ezpublish
I'm setting up some CMS software I found at ez.no. There's a Debian
package, but it's old and non-trivial to set up, so I've downloaded the
tarball from ez.no.
The instructions say to configure php with safe_mode off. That doesn't
excite me very much: I know little about PHP, but it sounds to me like
"on" is better than "off."
OTOH, "on" does cause problems. I want users to be able to upload stuff,
and that means that PHP needs to write somewhere.
However, PHP, with safe_mode on, wants the directories PHP scripts
read/write to have the same ownership as the scripts. atm the scripts are
owned by root and that's fine by me.
What do the experts do? Esp those who use ezpublish.
I've taken the liberty of bccing the maintainer, hoping Jonas will add
his wisdom to the list and not be too offended.
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/