Re: [PHP] security issues on shared servers

2003-02-19 Thread David Feldman
Thanks. Looks like a properly configured safe mode could eliminate a lot of problems. A few follow-up questions: 1. I see in the PHP doc comments a patch for Apache (http://luxik.cdi.cz/~devik/apache/) that runs different virtual hosts as different users. Anyone know anything about it, in

Re: [PHP] security issues on shared servers

2003-02-19 Thread David Feldman
OK, my question #2 below is answered by the docs: Safe mode disabled the backtick operator. But having turned on safe mode on my local test server, I have another question: Suddenly my include statements that use relative paths don't work. For example: include

[PHP] security issues on shared servers

2003-02-18 Thread David Feldman
I run a PHP-based Web site hosted on a shared UNIX server provided by a pretty standard Web hosting company -- as I imagine do many people. There are a lot of users on this server, and I know nothing about them. Apache (and thus PHP) generally runs as www or nobody, so although each user

Re: [PHP] security issues on shared servers

2003-02-18 Thread Jason Sheets
If your hosting provider has enabled safe mode then others can not include scripts that have a different uid than the owner of the current script, that prevents them from including your code. As far as the files go you could checksum them or if you are honestly concerned about them being changed