I run a webhosting service and am about to offer MySQL to .PHP customers; and
am wondering if there is a way with in Apache Virtual Host directives to ...
- enable/disable safe mode (we have some scripts on our https server and we
need to be able to set up new websites etc, but we want to secure all
customer sites, or is it better to make the owner of such scripts root, so
the less exploits occur?)
- enable/disable specific functions it would be nice to disable mysql_*
functions, so even if they got someone's password to a database, they can't
exactly do a whole lot! :) Perhaps that could be done by a 'use this php.ini'
- also, what is the directive to disable the php enging for a site?
"php_engine off" wasn't understood by Apache.
Is this possible without running multiple httpd daemons etc?
Running Redhat 7.1, Apache 1.3.19/PHP 4.0.4.
Any suggestions in improving security as a whole is appreciated.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]