Re: Choosing a host based on their PHP "security" measures

Posted by hansBKK on 04/02/07 08:56

Schraalhans,

I'm sorry but you've totally lost me, and perhaps misunderstood my
intentions here. From my OP:

>> I am looking for a host that will provide the right environment for
this - running a wide variety of PHP applications. I realise that
security is also important, but for now flexibility is more important to
me.

In other words, I'm NOT trying to create a secure system, I'm trying to
find a host where I can basically just upload and install any of the
mainstream scripts and start to use them. I *do not* want to have to
mess with WordPress core code, or try to figure out what Drupal modules
I can use and which I can't, I'm "just a user", want to install the app
and use it!

Of course it's in a shared environment, I'm not going to get a VPS just
to play and learn am I?

Why would I care that someone could read my php/html? There's nothing
sensitive there. . .

I really can't understand anything you're telling me, as I said in my
OP, I'm a newbie just starting out. If any of your message could be
helpful to me, I think I need a translator first <g>

But I'll give it a shot:

safe_mode should be off, open_basedir should be off, $GLOBALS should be
on, is that right? Or at least be able to override them in .htaccess or
php.ini?

> 'potentially dangerous' functions such as eval, exec, passthru &
> system. Note egrep with the -e option internally invokes eval as well)
> in their php setup, in that case it is _REALLY_ easy to peek at any
> other clients' data.

As I said I'm not concerned about that - so do I want the functions
allowed or disabled?

> Include files should best be kept in a directory above webroot,
> something my own provider took some time to understand. (you can adapt
> your include path in .htaccess btw). It helps to block every .inc file
> (or whatever extension you prefer for includes) in .htaccess as well.

Huh? What is an include file, and why would I want to block it?
>
> If you're really concerned about security, also remember to set
> another default path for session files, since they mostly end up in
> /tmp, accessible for all the clients.

I'm NOT at all concerned about security, getting less so by the minute,
my head hurts!

> HTH, good luck with your decision!

Looks like I'll need it! <g>
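
The three .htaccess suggestions quoted in the post above (block include files, move the include path above the web root, move session files out of /tmp), written out as an added example that is not part of the original thread. It assumes Apache with PHP loaded as mod_php and a host whose AllowOverride setting permits these directives; the account paths under /home/example are placeholders.

```apache
# Added example; /home/example and its subdirectories are placeholder paths.
# Assumed layout:
#   /home/example/public_html   web root (this .htaccess lives here)
#   /home/example/includes      include files, outside the web root
#   /home/example/sessions      session files, outside the web root

# 1. Refuse direct requests for include files. Without this, a request for
#    config.inc is answered with the file's source as plain text, because
#    Apache does not hand .inc files to PHP by default.
<FilesMatch "\.inc$">
    # Apache 2.4 syntax. On Apache 2.2 use the two lines
    #   Order allow,deny
    #   Deny from all
    Require all denied
</FilesMatch>

# 2. Resolve include()/require() against a directory above the web root,
#    so include files never need to sit in a browsable location.
#    php_value exists only under mod_php; where PHP runs as CGI/FastCGI
#    this line makes Apache return a 500 error, and the setting belongs
#    in a per-account php.ini instead.
php_value include_path ".:/home/example/includes"

# 3. Keep session files out of the shared /tmp directory.
#    The directory must already exist and be writable by the PHP process.
php_value session.save_path "/home/example/sessions"
```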
