[PHP] safe_mode_include_dir not working
Hi all, I have PHP 4.1.2 as Apache module, Safe-Mode On. I want to use the safe_mode_include_dir directive and ... this does not work. I have this in the directory directive of httpd.conf, I put the include_path to exactly the same path, I use complete path, and I always get the safe-mode restriction in effect error. I have found some information about this directive working for 4.0.7 and higher, but nothing usefull ( I tried several configurations ) to me and nothing about 4.1.2. Any idea, or tricks from people for whom it works ? Many thanks, Estelle -- -- Estelle Martin mailto:[EMAIL PROTECTED] -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Image displaying problem
Hi all, I am using PHP 4.02 on a Solaris 8 box. We have a very strange problem : we have a program that choses banners to display on our sites. The code is a javascript, because it can be put on simple html pages. The images is chosen through a php code, that with header function sends the image. It works great, but in one case: when in a php page, we display the page coming from a form submission. In this case, the image is not displayed at all. There is no error in the logs, all the actions required in the php page sending the image are correctly performed, but the image is not here. When we hit reload, the image come. When we take the information about the image and type the address directly in the address field of the browser, the image displays correctly. The problem does not occur in Netscape 6.0. But in IE 4 and IE 5 ... One example: http://forum.megaphone.ch/search.php?f=6 Without a form submission, the banner (on the right top of the page) displays correctly. Try to submit the form, the image does not come :-( Thank you for helping, Estelle -- Estelle Martin MEGAPHONEhttp://www.megaphone.ch/ mailto:estelle @ megaphone.ch -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] PHP as apache module and security.
Hi, What do you think about the following configuration: 1) safe-mode on : this ensures that a php script can read only files that are owned by the same Unix user on the machine; then just check that people having a right to use php and mysql on your box have all a different corresponding Unix user. 2) open-basedir : put this parameter for each php directory to this directory; then the scripts cannot access files that are elsewhere on the server In Apache httpd.conf it would be like: Directory /path-to-a-php-directory AddType application/x-httpd-php .php .php4 AddType application/x-httpd-php-source .phps php_admin_value open_basedir '/path-to-a-php-directory' /Directory Has someone tested it ? Do you see a problem in it ? Estelle Andrzej Swedrzynski [EMAIL PROTECTED] a écrit dans le message news: [EMAIL PROTECTED] Hello! Recently someone asked how to ensure that no one will read pas sword from php file. The only response I noticed was to create group and add apache user (often nobody) to that group. I consi dered this and I can not see what would stop other users from writing php script (run also as nobody) which reads filesystem with permissions of apache? Is there a method of making php as module really secure? Regards, Andrzej -- http://kokosz.horyzont.net http://www.earthdawn.pl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]