On Thursday 27 June 2002 02:49, Jason G Trusty wrote:
> Hello,
> I read the support pages at php.net regarding php.ini. Am I correct in the
> assumption that so long as you have php compiled as a module for apache
> that you can then use apache style directives to override the default
> php.ini?

If php is compiled as an Apache module then yes you can use apache style
directives to override the default php.ini.

> Furthermore, are these override directives allowed in a vhost container?
> Given the example vhost container (taken from my existing server setup):
> <VirtualHost 127.0.0.1:80>
> ServerAdmin [EMAIL PROTECTED]
> ServerName www.example.com
> ServerAlias *.example.com
> php_value open_basedir = e:\www\htdocs

I don't think you need the '=' sign. In fact apache (1.3.26) wouldn't start if
you have the '='.

> Would the additional directive I have added (php_value open_basedir =
> e:\www\htdocs) restrict php from executing any code, scripts and/or
> functions from being executed for this virtual host only by limiting it to
> the vhost's home directory?

For open_basedir it's slightly different:
php_admin_value open_basedir e:\www\htdocs
Not sure whereabouts in the manual php_value VS php_admin_value is documented
but there is an example in the chapter Safe Mode.

> I am obviously running apache/php/mysql in a Windows environment and I am
> worried about security. Currently (using php) I can execute/issue any
> command or function of my choosing with no restrictions whatsoever. For
> example: I can create/delete directories, files etc. This is obviously
> not a secure environment for virtual hosting.

If you're concerned about security then just specifying open_basedir is NOT
enough. For instance, on Linux at least, one can easily circumvent it by
running system commands, e.g.:
exec('cat /etc/passwd');
echo `cat /etc/passwd`;
Thus you should always define 'safe_mode_exec_dir' as well.
--
Jason Wong - Gremlins Associates - www.gremlins.com.hk
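
Added example (not part of the original thread and not code from either poster): a small Python check that reads Apache vhost blocks and reports the three points raised in the reply: an '=' after the setting name, open_basedir set with php_value instead of php_admin_value, and open_basedir with no safe_mode_exec_dir beside it. The names audit and SAMPLE, the second vhost and its paths are constructed for illustration; the safe_mode line in it is an assumption, since safe_mode_exec_dir only applies when safe mode is on.

```python
import re

# Constructed sample config: the first vhost is written the way the question
# had it, the second the way the reply suggests (paths are made up).
SAMPLE = r"""
<VirtualHost 127.0.0.1:80>
    ServerName www.example.com
    php_value open_basedir = e:\www\htdocs
</VirtualHost>
<VirtualHost 127.0.0.1:80>
    ServerName www2.example.com
    php_admin_flag safe_mode on
    php_admin_value open_basedir e:\www\htdocs2
    php_admin_value safe_mode_exec_dir e:\www\bin
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)
# directive, setting name, and whatever follows the name on the same line
PHP = re.compile(r"^[ \t]*(php_(?:admin_)?(?:value|flag))[ \t]+([^\s=]+)[ \t]*(.*)$",
                 re.I | re.M)

def audit(conf):
    """Map each vhost's ServerName to a list of findings (empty list = clean)."""
    report = {}
    for body in VHOST.findall(conf):
        m = re.search(r"^\s*ServerName\s+(\S+)", body, re.I | re.M)
        name = m.group(1) if m else "(unnamed)"
        findings, set_by = [], {}
        for directive, key, rest in PHP.findall(body):
            if rest.startswith("="):
                # Apache directives take "name value"; the reply reports that
                # Apache 1.3.26 would not start with the '=' present.
                findings.append(f"{key}: '=' after the setting name")
            set_by[key.lower()] = directive.lower()
        if set_by.get("open_basedir") == "php_value":
            findings.append("open_basedir: set with php_value, not php_admin_value")
        if "open_basedir" in set_by and "safe_mode_exec_dir" not in set_by:
            # open_basedir limits PHP file access only; exec() and backticks
            # still run system commands, as the reply points out.
            findings.append("open_basedir without safe_mode_exec_dir")
        report[name] = findings
    return report

if __name__ == "__main__":
    for vhost, findings in audit(SAMPLE).items():
        print(vhost, "->", findings or "ok")
```

The check only sees what is inside each vhost block; settings made in php.ini or in the main server section are outside its view.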