Securing php: ezpublish

To: debian-user@lists.debian.org
Subject: Securing php: ezpublish
From: John Summerfield <debian@ComputerDatasafe.com.au>
Date: Wed, 01 Sep 2004 11:44:28 +0800
Message-id: <[🔎] 4135459C.2060005@ComputerDatasafe.com.au>
Reply-to: root@localhost.dyndns.org

I'm setting up some CMS software I found at ez.no. There's a Debianpackage, but it's old and non-trivial to set up, so I've downloaded thetarball from ez.no.

The instructions say to configure php with safe_mode off. That doesn'texcite me very much: I know little about PHP, but it sounds to me like"on" is better than "off."

OTOH, "on" does cause problems. I want users to be able to upload stuff,and that means that PHP needs to write somewhere.

However, PHP, with safe_mode on, wants the directories PHP scriptsread/write have the same ownership as the scripts. atm the scripts areowned by root and that's fine by me.


What do the experts do? Esp those who use ezpublish.

I've taken the liberty of bccing the maintainer, hoping Jonas will addhis wisdom to the list and not be too offended.





--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

Reply to:

Prev by Date: Re: question about dd reading of CD
Next by Date: need iptables port forwarding help!
Previous by thread: question about growisofs
Next by thread: need iptables port forwarding help!
Index(es):
- Date
- Thread