Posted by Miguel Cruz on 08/03/06 17:48
Sensei <senseiwa@mac.com> wrote:
> Miguel Cruz <spam@admin.u.nu> said:
>> Disable system() and similar functions. You will not have security
>> in a multi-untrusted-user environment when running PHP as an Apache
>> module unless you do this.
>
> Do you have any link that shows how to disable particular functions?
> How's the granularity that I can apply --- and that you suggest?

http://my2.php.net/manual/en/features.safe-mode.php#ini.disable-functions

You just put it in php.ini, and you can disable any functions you please.
For instance:

  disable_functions = exec,passthru,proc_open,shell_exec,system

I wouldn't stake my career on it but I think that'll cover the ones that
allow PHP code to invoke arbitrary external programs.

miguel
--
Photos from 40 countries on 5 continents: http://travel.u.nu
Latest photos: Malaysia; Thailand; Singapore; Spain; Morocco
Airports of the world: http://airport.u.nu
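
An added example, not part of the original post: a small Python audit that reads php.ini text and reports which process-launching functions the active disable_functions line still leaves callable. The checklist is the post's five names plus popen and pcntl_exec, which are additions made for this example; the helper names and sample inputs are constructed.

```python
import re

# Functions that start an external program. The first five are the post's
# list; popen and pcntl_exec are additions made for this example.
PROCESS_FUNCTIONS = ("exec", "passthru", "proc_open", "shell_exec", "system",
                     "popen", "pcntl_exec")

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def disabled_functions(ini_text):
    """Return the set named by the last active disable_functions line."""
    value = ""
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):      # commented-out directive
            continue
        match = DIRECTIVE.match(line)
        if match:
            # A later assignment replaces an earlier one; drop any trailing
            # ';' comment and surrounding quotes before splitting.
            value = match.group(1).split(";", 1)[0].strip().strip('"\'')
    # Names are compared as written (lowercase, as in the post's example).
    return {name.strip() for name in value.split(",") if name.strip()}


def still_enabled(ini_text, wanted=PROCESS_FUNCTIONS):
    """List the functions in `wanted` that the ini text leaves callable."""
    disabled = disabled_functions(ini_text)
    return [name for name in wanted if name not in disabled]


# Constructed sample inputs, not taken from a real server.
POST_EXAMPLE = "disable_functions = exec,passthru,proc_open,shell_exec,system\n"
COMMENTED_OUT = "; disable_functions = exec,system\ndisable_functions =\n"
SPACED = ('disable_functions = "exec, passthru , proc_open,shell_exec,'
          'system,popen,pcntl_exec" ; hardening\n')

if __name__ == "__main__":
    for label, text in [("post", POST_EXAMPLE),
                        ("commented out", COMMENTED_OUT),
                        ("spaced and quoted", SPACED)]:
        print(label, "->", still_enabled(text) or "all covered")
```
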