OK, after further investigation trying to create a reasonably secure enviroment for
midgard hosting..
In php.ini - Set safe mode to On
(It seems that if it is set to off and then in httpd.conf set to On php will ignore
this - however it appears to work the other way round)
For all 'SG0 sites' (which should only run 'SG0 code!!!!)
in the virtual host definition add
php_admin_value safe_mode Off
For all 'NON SG0 sites' eg site used by 'aliens :)'
#Change MidgardRoot (as midgard needs access to this)
MidgardRootFile "/var/www/safedirSG1/midgard-root.php"
#Secure down PHP's enviroment
php_admin_value open_basedir /var/www/safedirSG1
php_admin_value upload_tmp_dir /var/www/safedirSG1
php_admin_value doc_root /var/www/safedirSG1
php_admin_value safe_mode_exec_dir /var/www/safeexecdirSG1
#if the hosted sitegroup needs to write to a temporary place then then
#they can use ini_get("open_basedir");
Now I'm not to sure whether php sessions work in this enviroment for the 'non sg0
hosts' as I cant find any reference to where they are stored or whether they honour
these variables..
I'm also assuming that ini_set can not be modified when running safe_mode!!!
Any other thoughts would be appreciated.
regards
alan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
