On Thursday 27 June 2002 02:49, Jason G Trusty wrote:
> Hello,
> I read the support pages at php.net regarding php.ini. Am I correct in the
> assumption that so long as you have php compiled as a module for apache
> that you can then use apache style directives to override the default
> php.ini?

If php is compiled as an Apache module then yes you can use apache style 
directives to override the default php.ini.

> Furthermore, are these override directives allowed in a vhost container?
> Given the example vhost container (taken from my existing server setup):
> <VirtualHost>
>   ServerAdmin [EMAIL PROTECTED]
>   ServerName www.example.com
>   ServerAlias *.example.com
>   php_value open_basedir = "e:\www\htdocs"

I don't think you need the '=' sign. In fact apache (1.3.26) wouldn't start if 
you have the '='.

> Would the additional directive I have added (php_value open_basedir =
> "e:\www\htdocs") restrict php from executing any code, scripts and/or
> functions from being executed for this virtual host only by limiting it to
> the vhosts home directory

For "open_basedir" it's slightly different:

php_admin_value open_basedir "e:\www\htdocs"

Not sure whereabouts in the manual php_value VS php_admin_value is documented 
but there is an example in the chapter "Safe Mode".

> I am obviously running apache/php/mysql in a Windows environment and I am
> worried about security. Currently (using php) I can execute/issue any
> command or function of my choosing with no restrictions whatsoever. For
> example: I can create/delete directories, files etc....  This is obviously
> not a secure environment for virtual hosting.

If you're concerned about security then just specifying open_basedir is NOT 
enough. For instance, on Linux at least, one can easily circumvent it by 
running system commands, e.g.:

exec('cat /etc/passwd');
echo `cat /etc/passwd`;

Thus you should always define 'safe_mode_exec_dir' as well.

Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

... this must be what it's like to be a COLLEGE GRADUATE!!
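
Added example, not part of the original message: a small Python check that scans Apache `<VirtualHost>` blocks for the three issues raised in this thread (an `=` between setting name and value, `open_basedir` set with something other than `php_admin_value`, and `open_basedir` without `safe_mode_exec_dir`). The function name `audit_vhosts`, the sample config and the `e:\www\bin` path are constructed for illustration.

```python
import re

# mod_php directive inside Apache config: kind, setting name, rest of the line.
DIRECTIVE = re.compile(r'^\s*(php_(?:admin_)?(?:value|flag))\s+(\S+)\s*(.*)$', re.I)
VHOST_OPEN = re.compile(r'^\s*<VirtualHost\b', re.I)
VHOST_CLOSE = re.compile(r'^\s*</VirtualHost>', re.I)
ADMIN_ONLY = ('open_basedir', 'safe_mode_exec_dir')


def audit_vhosts(conf_text):
    """Return (line_no, message) findings for every <VirtualHost> block."""
    findings = []
    in_vhost, start, seen = False, 0, set()
    for no, line in enumerate(conf_text.splitlines(), 1):
        if VHOST_OPEN.match(line):
            in_vhost, start, seen = True, no, set()
            continue
        if VHOST_CLOSE.match(line):
            # Per the thread: open_basedir alone does not constrain exec()/backticks.
            if in_vhost and 'open_basedir' in seen and 'safe_mode_exec_dir' not in seen:
                findings.append((start, 'open_basedir set without safe_mode_exec_dir'))
            in_vhost = False
            continue
        m = DIRECTIVE.match(line)
        if not (in_vhost and m):
            continue
        kind, name, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if '=' in name or rest.startswith('='):
            findings.append((no, "'=' between name and value"))
        name = name.split('=')[0]
        if name in ADMIN_ONLY and kind != 'php_admin_value':
            findings.append((no, f'{name} should use php_admin_value, not {kind}'))
        seen.add(name)
    return findings


# Constructed sample: the vhost as asked about, then a corrected one.
# safe_mode_exec_dir only takes effect while safe_mode is on.
SAMPLE = r'''
<VirtualHost *>
  ServerName www.example.com
  php_value open_basedir = "e:\www\htdocs"
</VirtualHost>
<VirtualHost *>
  ServerName fixed.example.com
  php_admin_flag safe_mode on
  php_admin_value open_basedir "e:\www\htdocs"
  php_admin_value safe_mode_exec_dir "e:\www\bin"
</VirtualHost>
'''
```

Calling `audit_vhosts(SAMPLE)` reports three findings, all against the first block; the corrected block produces none.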
