php-general Digest 10 Nov 2007 00:39:05 -0000 Issue 5119

Topics (messages 264263 through 264291):

Re: PHP ide?
        264263 by: Colin Guthrie
        264266 by: Lester Caine
        264279 by: Instruct ICC
        264281 by: Børge Holen

Re: [PHP-DB] Re: MySQL Identifying worst-performing codes
        264264 by: Mark Summers

Re: Creating PDF files with more than one font?
        264265 by: Jay Blanchard

Help securing a server : Owned by W4n73d H4ck3r
        264267 by: robert mena
        264268 by: Daniel Brown
        264269 by: David Giragosian
        264270 by: robert mena
        264271 by: Edward Kay
        264272 by: Daniel Brown
        264274 by: robert mena
        264275 by: Daniel Brown
        264276 by: Tom Chubb
        264277 by: Bastien Koert
        264280 by: Instruct ICC
        264282 by: Daniel Brown

chrooted php5-cgi in a non chrooted apache
        264273 by: Joerg Schoppet

Re: PHP ide?  Back On Topic
        264278 by: Instruct ICC

debugging imap_open
        264283 by: John Gunther

Sending Mails
        264284 by: Alberto García Gómez
        264285 by: John Gunther
        264286 by: Alberto García Gómez
        264290 by: John Gunther

Local vs Master Configure values
        264287 by: tedd
        264288 by: Nathan Nobbe
        264289 by: Nathan Nobbe
        264291 by: David Giragosian


----------------------------------------------------------------------
--- Begin Message ---
Lester Caine wrote:
> Robert Cummings wrote:
>> Ubuntu = Debian + New Life
> 
> Mandriva has Eclipse and PHPEclipse 'out of the box' along with Apache
> and PHP
> I can build a fully functional development machine from a pile of bits
> in under an hour ;)
> And currently that includes downloading the latest updates :)
> 

+1 for Mandriva :)

As a long time Mandriva user and not-such-a-long time contributor, I've
looked on the rise of Ubuntu with great interest. I think where they've
excelled is in community - it's definitely got a lot of momentum.... but
where this falls down is the lack of centralised management. There are
simply too many independent package repositories out there doing their
own packages and not necessarily getting them all correct with their
naming and obsoletion etc. This makes it difficult for people upgrading
in the future from ad-hoc third party packages to official packages. One
of the things I like about Linux (distros) is the central
packaging/deployment system as it keeps things neat, tidy and, most
importantly, structured... Just my €0.02.

Col

--- End Message ---
--- Begin Message ---
Tiago Silva wrote:
> Lester Caine wrote:
> Robert Cummings wrote:
> Ubuntu = Debian + New Life
>
> Mandriva has Eclipse and PHPEclipse 'out of the box' along with Apache and PHP
> I can build a fully functional development machine from a pile of bits in under an hour ;)
> And currently that includes downloading the latest updates :)
>
> I use an OS called Windows Vista :-P
>
> hahahha crap(I use openSuse... ;-) )
>
> Guys, talking about features of distributions is a looping question...it's a vicious endless thing...
>
> let's talk about PHP ide's ok?
>
> I use eclipse, with PHPEclipse it's full-featured for PHP, look, FOR PHP!
>
> The good programmer doesn't need a full featured IDE, like Delphi for PHP and any others that wrap you behind the scenes...

Not had to bother with vista yet - in fact a lot of my hardware intensive stuff simply will not run on it :( BUT the best thing about Eclipse is that it runs the same on windows as Linux, so I don't have to have different environments on each. I just run a local CSV server and sync things between the two environments. And now I can move stuff that was originally developed on Windows over to Linux - or replace it with PHP powered stuff :)

--
Lester Caine - G8HFL
-----------------------------
Contact - http://home.lsces.co.uk/lsces/wiki/?page=contact
L.S.Caine Electronic Services - http://home.lsces.co.uk
MEDW - http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Firebird - http://www.firebirdsql.org/index.php

--- End Message ---
--- Begin Message ---
> >> Ubuntu = Debian + New Life
> > 
> > Mandriva has Eclipse and PHPEclipse 'out of the box' along with Apache
> > and PHP
> > I can build a fully functional development machine from a pile of bits
> > in under an hour ;)
> > And currently that includes downloading the latest updates :)
> > 
> 
> +1 for Mandriva :)
> 
> As a long time Mandriva user and not-such-a-long time contributor, I've
> looked on the rise of Ubuntu with great interest. I think where they've
> excelled is in community - it's definitely got a lot of momentum.... but
> where this falls down is the lack of centralised management. There are
> simply too many independent package repositories out there doing their
> own packages and not necessarily getting them all correct with their
> naming and obsoletion etc. This makes it difficult for people upgrading
> in the future from ad-hoc third party packages to official packages. One
> of the things I like about Linux (distros) is the central
> packaging/deployment system as it keeps things neat, tidy and, most
> importantly, structured... Just my €0.02.

I think PCLinuxOS is based on Mandriva (I could be wrong), and it passed Ubuntu 
on distrowatch.com


--- End Message ---
--- Begin Message ---
On Friday 09 November 2007 18:45:27 Instruct ICC wrote:
> > >> Ubuntu = Debian + New Life
> > >
> > > Mandriva has Eclipse and PHPEclipse 'out of the box' along with Apache
> > > and PHP
> > > I can build a fully functional development machine from a pile of bits
> > > in under an hour ;)
> > > And currently that includes downloading the latest updates :)
> >
> > +1 for Mandriva :)
> >
> > As a long time Mandriva user and not-such-a-long time contributor, I've
> > looked on the rise of Ubuntu with great interest. I think where they've
> > excelled is in community - it's definitely got a lot of momentum.... but
> > where this falls down is the lack of centralised management. There are
> > simply too many independent package repositories out there doing their
> > own packages and not necessarily getting them all correct with their
> > naming and obsoletion etc. This makes it difficult for people upgrading
> > in the future from ad-hoc third party packages to official packages. One
> > of the things I like about Linux (distros) is the central
> > packaging/deployment system as it keeps things neat, tidy and, most
> > importantly, structured... Just my €0.02.
>
> I think PCLinuxOS is based on Mandriva (I could be wrong), and it passed
> Ubuntu on distrowatch.com

and the whole series is based from redhat. 




-- 
---
Børge Holen
http://www.arivene.net

--- End Message ---
--- Begin Message ---
There may be something useful here...

http://forge.mysql.com/

chris smith wrote:
> On Nov 9, 2007 1:18 AM, Colin Guthrie <[EMAIL PROTECTED]> wrote:
>   
>> Lasitha Alawatta wrote:
>>     
>>> There is  a tool call "idera" (SQL diagnostic manager). Basically it is
>>> a performance monitoring and diagnostics tool.
>>>
>>> It has a feature;
>>> Identifying of worst-performing codes –
>>>
>>> Identifies performance bottlenecks such as the worst-performing stored
>>> procedures, long-running queries, most frequently run queries, SQL
>>> Statements and SQL batches
>>>
>>> http://www.idera.com/Products/SQLdm/Features.aspx
>>>
>>>
>>> I'm looking for a same like tool for MySQL. Is anyone have any  ideas.
>>>       
>> I know this is OT for this list but.....
>>
>> In addition to the slow query logging I mentioned before (which you
>> seemed to appreciate :)), I've just stumbled across this:
>> http://rackerhacker.com/mysqltuner/
>>     
>
> http://jeremy.zawodny.com/mysql/mytop/ might come in handy too.
>
>   

--- End Message ---
--- Begin Message ---
[snip]
I often see that it uses .afm files, can it use .ttf format files?
[/snip]

FPDF can use true type fonts

--- End Message ---
--- Begin Message ---
Hi,

One server that hosts several domains ended up with the message "Owned
by W4n73d H4ck3r".    While still performing an audit I am very
confident that this was caused by a php script (it is a linux server)
uploaded via FTP or by a defective site hosted (perhaps vulnerable
version of a CMS).

The symptoms seem clear, files owned by apache are vulnerable and the
attacker script scanned the web tree and started running.

So, basically two questions:
- how to detect where this came from
- how to prevent it from happening again

Thanks.

--- End Message ---
--- Begin Message ---
On Nov 9, 2007 9:27 AM, robert mena <[EMAIL PROTECTED]> wrote:
> Hi,
>
> One server that hosts several domains ended up with the message "Owned
> by W4n73d H4ck3r".    While still performing an audit I am very
> confident that this was caused by a php script (it is a linux server)
> uploaded via FTP or by a defective site hosted (perhaps vulnerable
> version of a CMS).
>
> The symptoms seem clear, files owned by apache are vulnerable and the
> attacker script scanned the web tree and started running.
>
> So, basically two questions:
> - how to detect where this came from
> - how to prevent it from happening again
>
> Thanks.
>

    Robert,

    That's really not so much a PHP question, but a general Linux
security question.  Primarily, my job is computer forensics and
security, so if you'd like, you can reply to me off-list and I'll be
glad to offer you a hand.

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
--- Begin Message ---
On 11/9/07, Daniel Brown <[EMAIL PROTECTED]> wrote:
>
>    Robert,
>
>    That's really not so much a PHP question, but a general Linux
> security question.  Primarily, my job is computer forensics and
> security, so if you'd like, you can reply to me off-list and I'll be
> glad to offer you a hand.
>
> --
> Daniel P. Brown
> [office] (570-) 587-7080 Ext. 272
> [mobile] (570-) 766-8107
>
> If at first you don't succeed, stick to what you know best so that you
> can make enough money to pay someone else to do it for you.


I'd be interested in reading this thread. OK with me to keep it on the list.

David

--- End Message ---
--- Begin Message ---
Hi Daniel,

Thanks for the reply.

I agree that there are steps that go outside php scope (chroot apache
etc) but I think this partially belongs to this list specially since
google shows that the same message (perhaps a copycat?) appears in
tons of sites.

I was hoping that someone already had tips regarding the php part
(like disabling some functions etc).

But since I am also copying you directly please feel free to email me privately.

Thanks again.


--- End Message ---
--- Begin Message ---
> 
> I'd be interested in reading this thread. OK with me to keep it 
> on the list.
> 

Ditto.

--- End Message ---
--- Begin Message ---
On Nov 9, 2007 10:05 AM, robert mena <[EMAIL PROTECTED]> wrote:
> Hi Daniel,
>
> Thanks for the reply.
>
> I agree that there are steps that go outside php scope (chroot apache
> etc) but I think this partially belongs to this list specially since
> google shows that the same message (perhaps a copycat?) appears in
> tons of sites.
>
> I was hoping that someone already had tips regarding the php part
> (like disabling some functions etc).
>
> But since I am also copying you directly please feel free to email me 
> privately.
>
> Thanks again.
>
>

    It's all good.  We go off on tangents enough here anyway, so I
suppose one more wouldn't hurt.  ;-P

    The person doing this seems to be relatively new to the scene,
only defacing websites with common vulnerabilities that you can find
anywhere on the Internet (http://astalavista.box.sk/ for example).
Check out Zone-H (http://www.zone-h.net/) to see if your domains are
on there, and to see if you can build a pattern from his/her past
exploits.  That should help you in determining how he/she is doing it.

    You're on the right track in guessing that it was CMS-related.
Remember how many sites and servers were compromised when phpBB
exploits were announced and left unpatched?  These jackass skript
kiddies just Google for known versions and deface whatever they can.
It's not like the old days where you picked a target and found a way
in.... now it's just that you pick your way in and find a target.

    *yawn!* No challenge anymore.... these kids are too lazy....


-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
--- Begin Message ---
Hi Daniel,

According to the audit this happened yesterday.

I am searching astalavista but could not find anything, probably
because I am being too specific.

From the php side (or closely) what steps would you recommend in order
to have a better security?

I could not find a consistent 'list' of configuration settings to
disable or change besides the register_globals.

From the system side my list so far includes (some already in place previous)
- no devel tools installed on the server (gcc etc)
- /tmp mounted with no_exec
- chroot apache
- use mod_security

Thanks.


--- End Message ---
--- Begin Message ---
On Nov 9, 2007 10:48 AM, robert mena <[EMAIL PROTECTED]> wrote:
> Hi Daniel,
>
> According to the audit this happened yesterday.
>
> I am searching astalavista but could not find anything, probably
> because I am being too specific.
>
> From the php side (or closely) what steps would you recommend in order
> to have a better security?
>
> I could not find a consistent 'list' of configuration settings to
> disable or change besides the register_globals.
>
> From the system side my list so far includes (some already in place previous)
> - no devel tools installed on the server (gcc etc)
> - /tmp mounted with no_exec
> - chroot apache
> - use mod_security
>
> Thanks.
>
>

    Definitely phpSuExec on the PHP side.

    However, you're not addressing the problem directly, only in
general scope.  Go through your server logs to determine the specific
method of attack first, and work down from there.  Having locks on the
doors is a good thing, but they don't help if you leave a window open.

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
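Added example, not part of the original thread: one way to act on the advice above to go through the server logs first, by correlating the modification times of files owned by the web server user with successful access-log requests made shortly before each change. The log lines, paths, client addresses and the two-minute window are constructed assumptions.

```python
import os
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Start of an Apache common/combined log line:
# host ident user [time] "METHOD url proto" status size ...
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "host": m["host"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "url": m["url"],
        "status": int(m["status"]),
    }


def changed_files(root, owner_uid, since):
    """Files under root owned by owner_uid and modified at or after `since`.

    mtime is only a lead: whoever wrote the file can also reset its timestamp.
    """
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if st.st_uid == owner_uid and mtime >= since:
                hits.append((path, mtime))
    return sorted(hits, key=lambda h: h[1])


def requests_before(entries, changed_at, window=timedelta(minutes=2)):
    """Successful requests in the window that ends when a file was changed."""
    return [e for e in entries
            if changed_at - window <= e["time"] <= changed_at
            and 200 <= e["status"] < 400]


def rank_hosts(entries, changes, window=timedelta(minutes=2)):
    """Per client: how many changed files it made a request just before."""
    score = Counter()
    for _path, mtime in changes:
        hosts = {e["host"] for e in requests_before(entries, mtime, window)}
        for host in hosts:
            score[host] += 1
    return score.most_common()


# Constructed sample data (documentation address ranges, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.20 - - [08/Nov/2007:13:40:02 +0000] "GET /site-a/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [08/Nov/2007:14:01:58 +0000] "GET /site-a/cms/editor.php HTTP/1.0" 200 812
203.0.113.7 - - [08/Nov/2007:14:02:05 +0000] "POST /site-a/cms/editor.php HTTP/1.0" 200 64
198.51.100.20 - - [08/Nov/2007:14:02:09 +0000] "GET /missing.gif HTTP/1.1" 404 209
203.0.113.7 - - [08/Nov/2007:14:03:30 +0000] "POST /site-a/cms/editor.php HTTP/1.0" 200 64
"""
SAMPLE_CHANGES = [
    ("/var/www/site-a/index.html",
     datetime(2007, 11, 8, 14, 2, 10, tzinfo=timezone.utc)),
    ("/var/www/site-b/index.html",
     datetime(2007, 11, 8, 14, 3, 31, tzinfo=timezone.utc)),
]


def sample_entries():
    """Parse the constructed log, dropping lines that do not match."""
    return [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]


if __name__ == "__main__":
    entries = sample_entries()
    for host, count in rank_hosts(entries, SAMPLE_CHANGES):
        print(f"{host} made requests just before {count} file change(s)")
    for e in requests_before(entries, SAMPLE_CHANGES[0][1]):
        print(e["time"].isoformat(), e["host"], e["method"], e["url"])
```

On a live system, `changed_files()` supplies the change list in place of `SAMPLE_CHANGES`, called with the uid of the web server account and the start of the period under audit.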
--- Begin Message ---
Me too.
Guess a lot of us can learn something here from another's misfortune.
Thanks Robert and good luck


On 09/11/2007, Edward Kay <[EMAIL PROTECTED]> wrote:
>
>
> >
> > I'd be interested in reading this thread. OK with me to keep it
> > on the list.
> >
>
> Ditto.
>

--- End Message ---
--- Begin Message ---
me, too this would be interesting
 
bastien

--- End Message ---
--- Begin Message ---


> >    The person doing this seems to be relatively new to the scene,
> > only defacing websites with common vulnerabilities that you can find
> > anywhere on the Internet (http://astalavista.box.sk/ for example).
> > Check out Zone-H (http://www.zone-h.net/) to see if your domains are
> > on there, and to see if you can build a pattern from his/her past
> > exploits.  That should help you in determining how he/she is doing it.
> >
> >    You're on the right track in guessing that it was CMS-related.
> > Remember how many sites and servers were compromised when phpBB
> > exploits were announced and left unpatched?  These jackass skript
> > kiddies just Google for known versions and deface whatever they can.
> > It's not like the old days where you picked a target and found a way
> > in.... now it's just that you pick your way in and find a target.
> >
> >    *yawn!* No challenge anymore.... these kids are too lazy....

Are you using joomla cms?  Several google hits were about that one.  My $0.02.
I'll defer to the security practitioner.



--- End Message ---
--- Begin Message ---
    That's an old SPAW exploit.  Google (gotta' love how that's a verb
now) for `spaw exploit` and the first result is MARC.

    [NOTE: All previous text cleared because this is the THIRD time
I've sent the message after Mailman rejected it twice due to URLs in
log inclusion.]

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

--- End Message ---
--- Begin Message ---
Hi,

actually I try to make my webserver-installation more secure. I've
something in mind, but don't know if it is possible and if so, how to do
it ;-)

Actually I have the following config:

Directory-Structure:

/var/www
  domain1
    conf
    cgi-bin
    web
      htdocs
      logs
  domain2


I've installed mod_fastcgi in apache and use suexec.
In each /var/www/domainx/cgi-bin I have a php-fcgi-starter-file, which
starts /usr/bin/php5-cgi.

Actually I see the following problem: I can run each "domain" under a
different user, but the developer within each "domain" can program
php-code to at least VIEW a lot of other things outside the
domain-directory.

Now I thought about the following:
If I can create a chroot-jail within /var/www/domainx/web and let
php5-cgi be executed within this chroot-jail, the developers would only
see their own directory structure like
var/www/domain1/web
  etc
  bin
  usr
  home

What I've got so far is, that I've created a chroot jail within the
web-directory. I can chroot to there and execute php (I used "jailer",
for this).

But I don't get it to work that mod_fastcgi starts the chroot-jail.

I googled a lot, but only found howtos and tutorials how to put the
complete apache into a jail, but this is not what I want. Each domain
has to be in its own jail.

Can someone help me / point me in the right direction?


Thanks in advance

Joerg Schoppet

--- End Message ---
--- Begin Message ---
> But I highly doubt you'll find a first-class PHP code IDE (Zend Studio) that
> is also a first-class HTML layout tool (Dreamweaver).

My 2006 rant said I'll accept multiple tools.  I'll have to find that post and 
see if my needs have changed.  Ahh here:

I am looking for a tool (or tools) that can do the following:

Use a Model Driven Architecture (Ex. Gentleware's "just model" concept and 
Applied Models' "the model is the program" concept)

UML (Ex. Sun Java Studio Enterprise)

Generate Database from UML (Ex. Umbrello)

Generate Classes from UML (Ex. Umbrello/Sun Java Studio Enterprise -- backend 
classes)

UI Design (Ex. Netbeans Matisse -- frontend classes)

Integrate AJAX toolkits (Ex. Aptana/Dojo/jMaki)

Separate application code from presentation, Model-View-Controller (Ex. 
Smarty/symfony)

Deploy/Convert to HTML/Javascript (Ex. Google Web Toolkit/Visual Web Developer 
2005 Express Edition --> design in Design view and have automatic code 
generated in "code behind" Source view)

Code Refactoring (Ex. Sun Java Studio Enterprise/Netbeans)

The above tools do some part of the workflow I want, but they do not play well 
together as far as I know (usually because they are based on a specific 
language or dialect of that language).  And some do not have a web application 
as the deployment target.


> Then you don't want to be working in HTML.
True.  With the ongoing browser wars, let vendors like Yahoo and YUI handle 
that layer.
And let's start getting some decent requirements 
http://www.serena.com/products/prototype-composer/home.html and 
http://www.visual-paradigm.com/
Okay okay, maybe I'm advancing myself out of a job.

--- End Message ---
--- Begin Message ---
I'm trying to use imap functions for the first time and always get "Couldn't open stream" errors so I turned on both kinds of debugging. Unfortunately I can't find debugging output anywhere. What am I doing wrong? Here's my code:

ini_set('error_log','/tmp/imap.txt');
$po='{mail.usservas.org:143/debug}';
$mbox = imap_open($po, $user, $password ,OP_DEBUG);


Thanks for the help.

John Gunther

--- End Message ---
--- Begin Message ---
I want to use the mail() function but it doesn't work, so I have some questions:

1. Is it necessary that sendmail be installed on the server to use this function?
2. Is it necessary that sendmail be running to use this function?
3. Is it necessary that sendmail be properly configured to use this function?


This e-mail was sent from the Politécnico de Informática "Carlos Marx" in Matanzas.
"The great battle will be fought in the field of ideas"

--- End Message ---
--- Begin Message ---
All true. sendmail or a sendmail shell must be running. The sendmail command to use can be customized in the sendmail_path directive in the php.ini configuration file.

If you can't manually use sendmail to send an email, php can't either.

John Gunther



--- End Message ---
--- Begin Message ---
John, those are the lines in the log file when I try to send a mail using mail() function. Please let me know my errors.

Nov 9 15:26:17 shannon sendmail[8649]: lA9KQHYt008649: from=apache, size=82, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, [EMAIL PROTECTED]

Nov 9 15:26:17 shannon sendmail[8650]: lA9KQHhY008650: from=<[EMAIL PROTECTED]>, size=382, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=Daemon0, relay=shannon.ipimtzcm.rimed.cu [127.0.0.1]

Nov 9 15:26:17 shannon sendmail[8649]: lA9KQHYt008649: [EMAIL PROTECTED], ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30082, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (lA9KQHhY008650 Message accepted for delivery)

----- Original Message ----- From: "John Gunther" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 09, 2007 03:16 PM
Subject: [PHP] Re: Sending Mails


All true. sendmail or a sendmail shell must be running. The sendmail command to use can be customized in the sendmail_path directive in the php.ini configuration file.

If you can't manually use sendmail to send an email, php can't either.

John Gunther

Alberto García Gómez wrote:
I want to use the mail() function but it doesn't work, so I have some questions:

1. Is it necessary that sendmail be installed on the server to use this function?
2. Is it necessary that sendmail be running to use this function?
3. Is it necessary that sendmail be properly configured to use this function?


This e-mail was sent from the Politécnico de Informática "Carlos Marx" in Matanzas.
"The great battle will be fought in the field of ideas"


This e-mail was sent from the Politécnico de Informática "Carlos Marx" in Matanzas.
"The great battle will be fought in the field of ideas"

--- End Message ---
--- Begin Message ---
From what you posted, it looks like it was successful: stat=Sent (lA9KQHhY008650 Message accepted for delivery)

If it isn't arriving, the cause may be down the line.

John

Alberto García Gómez wrote:
John, those are the lines in the log file when I try to send a mail using the mail() function. Please let me know my errors.

Nov 9 15:26:17 shannon sendmail[8649]: lA9KQHYt008649: from=apache, size=82, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, [EMAIL PROTECTED]

Nov 9 15:26:17 shannon sendmail[8650]: lA9KQHhY008650: from=<[EMAIL PROTECTED]>, size=382, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=Daemon0, relay=shannon.ipimtzcm.rimed.cu [127.0.0.1]

Nov 9 15:26:17 shannon sendmail[8649]: lA9KQHYt008649: [EMAIL PROTECTED], ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30082, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (lA9KQHhY008650 Message accepted for delivery)

----- Original Message -----
From: "John Gunther" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 09, 2007 03:16 PM
Subject: [PHP] Re: Sending Mails


All true. sendmail or a sendmail shell must be running. The sendmail command to use can be customized in the sendmail_path directive in the php.ini configuration file.

If you can't manually use sendmail to send an email, php can't either.

John Gunther

--- End Message ---
--- Begin Message ---
Hi gang:

I'm confronting a safe_mode problem and have a question.

My PHP Info states that safe_mode is ON for local and OFF for master -- what does that mean?

Does that mean I can turn it off for my scripts via something like:

ini_set( 'safe_mode', '0' );   ???

It's not easy for me to test and that's why I'm asking.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
On Nov 9, 2007 4:24 PM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> I'm confronting a safe_mode problem and have a question.
>
> My PHP Info states that safe_mode is ON for local and OFF for master
> -- what does that mean?
>
> Does that mean I can turn it off for my scripts via something like:
>
> ini_set( 'safe_mode', '0' );   ???
>
> It's not easy for me to test and that's why I'm asking.

see the manual for a description of where php.ini directives can be
overridden.
http://us.php.net/manual/en/ini.php

safe_mode can only be set in php.ini or httpd.conf


-nathan

--- End Message ---
--- Begin Message ---
On Nov 9, 2007 5:01 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Nov 9, 2007 4:24 PM, tedd <[EMAIL PROTECTED]> wrote:
> > Hi gang:
> >
> > I'm confronting a safe_mode problem and have a question.
> >
> > My PHP Info states that safe_mode is ON for local and OFF for master
> > -- what does that mean?

oh, i forgot about this part.  the global column depicts values in php.ini.
the local column indicates the value has been overridden in one of the various
allowed locations.
i.e.
httpd.conf
.htaccess
ini_set()

if it's on for local and off for master, most likely it is being
enabled in httpd.conf
or a .htaccess file.  at least that's what i would imagine based on the locations
that are allowed to override it as stated in the manual.

-nathan

--- End Message ---
--- Begin Message ---
On 11/9/07, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
>
> On Nov 9, 2007 5:01 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> > On Nov 9, 2007 4:24 PM, tedd <[EMAIL PROTECTED]> wrote:
> > > Hi gang:
> > >
> > > I'm confronting a safe_mode problem and have a question.
> > >
> > > My PHP Info states that safe_mode is ON for local and OFF for master
> > > -- what does that mean?
>
> oh, i forgot about this part.  the global column depicts values in php.ini.
> the local column indicates the value has been overridden in one of the
> various allowed locations.
> i.e.
> httpd.conf
> .htaccess
> ini_set()
>
> if it's on for local and off for master, most likely it is being
> enabled in httpd.conf
> or a .htaccess file.  at least that's what i would imagine based on the
> locations that are allowed to override it as stated in the manual.
>
> -nathan


safe_mode's changeability is described as PHP_INI_SYSTEM, so the option can
be set in php.ini or httpd.conf only.

Constant        Value  Meaning
PHP_INI_USER    1      Entry can be set in user scripts
PHP_INI_PERDIR  2      Entry can be set in php.ini, .htaccess or httpd.conf
PHP_INI_SYSTEM  4      Entry can be set in php.ini or httpd.conf
PHP_INI_ALL     7      Entry can be set anywhere


David

--- End Message ---
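
The master/local columns and the changeability levels discussed in this thread can be read from a script with ini_get_all(). The following is an added example, not code from any poster; the function names describe_access and audit_directive are hypothetical, and disable_functions stands in as the PHP_INI_SYSTEM directive on the assumption of a PHP version (5.4 or later) where safe_mode no longer exists.

```php
<?php
// Added example: report master vs. local values and whether a script may
// change a directive, using the changeability bits from the table above.

const LEVELS = [1 => 'PHP_INI_USER', 2 => 'PHP_INI_PERDIR', 4 => 'PHP_INI_SYSTEM'];

function describe_access(int $access): string
{
    if ($access === 7) {
        return 'PHP_INI_ALL';
    }
    $names = [];
    foreach (LEVELS as $bit => $name) {
        if ($access & $bit) {
            $names[] = $name;
        }
    }
    return implode('|', $names);
}

function audit_directive(string $name): ?array
{
    $all = ini_get_all(null, true);   // details: global_value, local_value, access
    if (!isset($all[$name])) {
        return null;                  // directive not present in this build
    }
    $d = $all[$name];
    return [
        'master'            => $d['global_value'],
        'local'             => $d['local_value'],
        'overridden'        => $d['global_value'] !== $d['local_value'],
        'access'            => describe_access($d['access']),
        'script_may_change' => (bool) ($d['access'] & 1),  // PHP_INI_USER bit
    ];
}

foreach (['disable_functions', 'display_errors', 'safe_mode'] as $name) {
    $info = audit_directive($name);
    if ($info === null) {
        echo "$name: not available in this PHP build\n";
        continue;
    }
    // ini_set() returns false when the directive cannot be changed at runtime.
    $result = ini_set($name, (string) $info['local']);
    printf("%s: master=%s local=%s overridden=%s access=%s ini_set=%s\n",
        $name, var_export($info['master'], true), var_export($info['local'], true),
        $info['overridden'] ? 'yes' : 'no', $info['access'],
        $result === false ? 'refused' : 'accepted');
}
```

For a hardening directive, a row with overridden=yes whose access lacks the PHP_INI_USER bit means the change came from httpd.conf or another per-directory setting, not from the script itself.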
