Jason Davidson wrote:

Anywys.. heres the question.. what do you think is the most viable
solution for security. 1. run apache in chroot envirnment.
2. run php in safe_mode
3. simply str_replace all filesystem functions with nothing.
4. use the disable_function settings to disable filesystem functions...


5. .all of these
6. none of these....
7 . other.




All of those and a many more things besides!
for example the mail() function can send mail through the localy installed smtp server without a username and password so you need to watch for the mail function or perhaps even attempts to open a socket on localhost host. You will then need to watch out for include or fopen urls that will eat up bandwidth or worse.
all in all i think this is pretty dangerous.


THanks
Jason





--
Raditha Dissanayake.
------------------------------------------------------------------------
http://www.radinks.com/sftp/         | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to