Ok, lets see if I can sum this up. I have a number of scripts that my
clients (on a virtual host) can include into their PHP scripts to use my
software. While my scripts need clear access to all functions (exec, eval,
unlink, etc) I would like to stop my clients from having access to some of
the more dangerous functions. But, I believe if my script is included in
theirs it will be running from their directory and, therefore the httpd.conf
file will be no good.
A quick thought -- It would be nice if we had a "authorization code" in the
php.ini file that the more dangerous functions (exec for example) could be
forced to receive before operating. So, if I was exec'ing adduser and my
security string was "123" the call would have to be exec("adduser", "123")
before exec would do anything.
Does anyone have any ideas as to how this may be done?
Thanks,
Daryl
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
