Hello, I read the support pages at php.net regarding php.ini. Am I correct in the assumption that so long as you have php compiled as a module for apache that you can than use apache style directives to override the default php.ini?
Furthmore, are these override directives allowed in a vhost container? Given the example vhost container (taken from my existing server setup): <VirtualHost 127.0.0.1:80> ServerAdmin [EMAIL PROTECTED] ServerName www.example.com ServerAlias *.example.com php_value open_basedir = "e:\www\htdocs" DocumentRoot E:/www/htdocs <Directory E:/www/htdocs> Options IncludesNoExec MultiViews AllowOverride All Order allow,deny Allow from all </Directory> Alias /logs/ "c:/Apache2/logs/www/" <Directory "c:/Apache2/logs/www/"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> ErrorLog c:/apache2/logs/www/error.log CustomLog c:/apache2/logs/www/access.log common TransferLog c:/apache2/logs/www/access.log </VirtualHost> Would the additional directive I have added (php_value open_basedir = "e:\www\htdocs") restrict php from executing any code, scripts and/or fuctions from being executed for this virtual host only by limiting it to the vhosts home directory? I am obviously running apache/php/mysql in a Windows environment and I am worried about security. Currently (using php) I can execute/issue any command or function of my choosing with no restrictions whatsoever. For example: I can create/delete directories, files etc.... This is obviously not a secure environment for virtual hosting. Any help concerning this matter would be appreciated. Cheers, JTrusty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php