Ok, lets see if I can sum this up. I have a number of scripts that my clients (on a virtual host) can include into their PHP scripts to use my software. While my scripts need clear access to all functions (exec, eval, unlink, etc) I would like to stop my clients from having access to some of the more dangerous functions. But, I believe if my script is included in theirs it will be running from their directory and, therefore the httpd.conf file will be no good.
A quick thought -- It would be nice if we had a "authorization code" in the php.ini file that the more dangerous functions (exec for example) could be forced to receive before operating. So, if I was exec'ing adduser and my security string was "123" the call would have to be exec("adduser", "123") before exec would do anything. Does anyone have any ideas as to how this may be done? Thanks, Daryl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php