At 4:54 PM + 2/28/01, Philip Reynolds wrote:
> Batonik's [[EMAIL PROTECTED]] 15 lines of wisdom included:
> :Hi,
> :
> : I've heard that it is possible, for security reasons, to disable
> :such functions like phpinfo(). How can I do this?
>
> You can edit the sources...
> PHP4: $PHP_BASE_DIR/ext/standard/basic_functions.c
> You're looking for a struct called
> function_entry basic_functions[]
> On my version (4.0.4-pl1) it's on line 91.
> Your functions are listed there..
> for example, delete line "PHP_FE(time, NULL)"
> which is on line 100 on my version disables the time function.
>
> However, why you want to disable functions is beyond me, to make PHP
> "safe" you're going to have to disable a LOT of functions..
>
> There might be some PHP4 way to disable functions, I think there
> might be some way to do it from php.ini, but I can't find it
> offhand.
>
> Phil.

It's not documented yet at
http://www.php.net/manual/en/configuration.php, but you can use the
following in your php.ini file:

    disable_functions = ; This directive allows you to disable certain
                        ; functions for security reasons. It receives
                        ; a comma separated list of function names.
                        ; This directive is *NOT* affected by whether
                        ; Safe Mode is turned on or off.

I presume you could use the

    php_value disable_functions phpinfo

syntax in your httpd.conf or .htaccess (you might need to use
php_admin_value instead of php_value). This is available in PHP
4.0.4; I don't know about availability in earlier versions. I don't
use this, though, so I'm just copying from the provided .ini file.

-steve
--
+--- "They've got a cherry pie there, that'll kill ya" --+
| Steve Edberg University of California, Davis |
| [EMAIL PROTECTED] Computer Consultant |
| http://aesric.ucdavis.edu/ http://pgfsun.ucdavis.edu/ |
+-- FBI Special Agent Dale Cooper ---+
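
A check for whether the directive discussed above is actually in force, as an added example that is not part of the original messages: it reads `disable_functions` at runtime and compares the list with what `function_exists()` reports. The function names `parseDisableFunctions` and `auditDisabled` are hypothetical, and the script assumes PHP 7.4 or later.

```php
<?php
// Added example (not from the thread): report whether disable_functions
// is in force for the SAPI that runs this script. Assumes PHP 7.4+.

// Split the comma-separated directive value into normalized function names.
function parseDisableFunctions(string $raw): array
{
    $names = array_map('strtolower', array_map('trim', explode(',', $raw)));
    return array_values(array_filter($names, 'strlen'));
}

// Compare what the configuration lists with what the engine will still call.
function auditDisabled(array $expected, array $listed): array
{
    $report = [];
    foreach ($expected as $name) {
        $name = strtolower(trim($name));
        $isListed = in_array($name, $listed, true);
        // function_exists() returns false for a function that is disabled.
        if (function_exists($name)) {
            // Listed yet callable happens for user-defined functions, which
            // the directive does not affect (it covers internal functions only).
            $report[$name] = $isListed ? 'LISTED BUT STILL CALLABLE' : 'NOT DISABLED';
        } else {
            $report[$name] = $isListed ? 'disabled' : 'not defined in this build';
        }
    }
    return $report;
}

// Names to check: CLI arguments, else phpinfo (the function asked about above).
$isCli = PHP_SAPI === 'cli';
$args = $isCli ? array_slice($_SERVER['argv'] ?? [], 1) : [];
if (!$isCli) {
    header('Content-Type: text/plain');
}
$listed = parseDisableFunctions((string) ini_get('disable_functions'));
$report = auditDisabled($args ?: ['phpinfo'], $listed);

printf("SAPI: %s\nphp.ini: %s\n", PHP_SAPI, php_ini_loaded_file() ?: '(none loaded)');
foreach ($report as $name => $status) {
    printf("%-24s %s\n", $name, $status);
}
// Exit non-zero if anything that should be off can still be called.
$open = array_filter($report, fn($s) => $s === 'NOT DISABLED' || $s === 'LISTED BUT STILL CALLABLE');
exit($open ? 1 : 0);
```

Run it under the same SAPI (CLI or web server) whose configuration was changed, since each may load a different php.ini. The current PHP manual states that `disable_functions` must be set in php.ini and cannot be set in httpd.conf, so a `NOT DISABLED` result after an httpd.conf or .htaccess change is expected.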
--
PHP General Mailing List (http://www.php.net/)