I read the support pages at php.net regarding php.ini. Am I correct in the
assumption that so long as you have php compiled as a module for apache that
you can than use apache style directives to override the default php.ini?

Furthmore, are these override directives allowed in a vhost container? Given
the example vhost container (taken from my existing server setup):

  ServerName www.example.com
  ServerAlias *.example.com

  php_value open_basedir = "e:\www\htdocs"

  DocumentRoot E:/www/htdocs

  <Directory E:/www/htdocs>
    Options IncludesNoExec MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all

  Alias /logs/ "c:/Apache2/logs/www/"

  <Directory "c:/Apache2/logs/www/">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all

  ErrorLog c:/apache2/logs/www/error.log
  CustomLog c:/apache2/logs/www/access.log common
  TransferLog c:/apache2/logs/www/access.log

Would the additional directive I have added (php_value open_basedir =
"e:\www\htdocs") restrict php from executing any code, scripts and/or
fuctions from being executed for this virtual host only by limiting it to
the vhosts home directory?

I am obviously running apache/php/mysql in a Windows environment and I am
worried about security. Currently (using php) I can execute/issue any
command or function of my choosing with no restrictions whatsoever. For
example: I can create/delete directories, files etc....  This is obviously
not a secure environment for virtual hosting.

Any help concerning this matter would be appreciated.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to