Hey fella's, i thought i would start a thread for once :)
Ive got a 'php sandbox', that im encorparating into a simple php
tutorial. THe tutorial is much like any php tutoiral, and really, is
just for me to get more comfortable using and parsing xml with the dom
functions. What i would like to
Jason Davidson wrote:
Anywys.. heres the question.. what do you think is the most viable
solution for security.
1. run apache in chroot envirnment.
2. run php in safe_mode
3. simply str_replace all filesystem functions with nothing.
4. use the disable_function settings to disable filesystem
Hey, yup it is kind of dangerous, there is no argument there.
Currenly i have php running safemode, and apache is running with user
nobody. This combination makes it imposible for any filesystem
commands to work on anything that isnt owned by nobody.. its an
interesting situatoin i beleive...
3 matches
Mail list logo
