Re: Choosing a host based on their PHP "security" measures

Posted by Schraalhans Keukenmeester on 04/02/07 21:36

hansBKK wrote:
> Schraalhans,
>
> I'm sorry but you've totally lost me, and perhaps misunderstood my
> intentions here. From my OP:
>
>>> I am looking for a host that will provide the right environment for
> this - running a wide variety of PHP applications. I realise that
> security is also important, but for now flexibility is more important to
> me.
>
> In other words, I'm NOT trying to create a secure system, I'm trying to
> find a host where I can basically just upload and install any of the
> mainstream scripts and start to use them. I *do not* want to have to
> mess with WordPress core code, or try to figure out what drupal modules
> I can use and which I can't, I'm "just a user", want to install the app
> and use it!
>
> Of course it's in a shared environment, I'm not going to get a VPS just
> to play and learn am I?
>
> Why would I care that someone could read my php/html? There's nothing
> sensitive there. . .
>
> I really can't understand anything you're telling me, as I said in my
> OP, I'm a newbie just starting out. If any of your message could be
> helpful to me, I think I need a translator first <g>
>
> But I'll give it a shot:
>
> safe_mode should be off, openbasedir should be off, $GLOBALS should be
> on, is that right? Or at least be able to override them in .htaccess or
> php.ini?
>
>> 'potentially dangerous' functions such as eval, exec, passthru &
>> system. Note egrep with the -e option internally invokes eval as well)
>> in their php setup, in that case it is _REALLY_ easy to peek at any
>> other clients data.
>
> As I said I'm not concerned about that - so do I want the functions
> allowed or disabled?
>
>> Include files should best be kept in a directory above webroot,
>> something my own provider took some time to understand. (you can adapt
>> your include path in .htaccess btw). It helps to block every .inc file
>> (or whatever extension you prefer for includes) in .htaccess as well.
>
> Huh? What is an include file, and why would I want to block it?
>
>> If you're really concerned about security, also remember to set
>> another default path for session files, since they mostly end up in
>> /tmp, accessible for all the clients.
>
> I'm NOT at all concerned about security, getting less so by the minute,
> my head hurts!
>
>> HTH, good luck with your decision!
>
> Looks like I'll need it! <g>

From your original post title I (mis)read you were interested in
security. If all you need is a 'playground' you probably are better off
setting up your own server than pay for a hosting scheme.

And -probably pearls and swine- you -as Jerry said- should definitely
care about security, for a plethora of reasons. If it doesn't interest
you now, you're surely gonna look upon it as 'a burden' later, when perhaps
you decide to do more with your acquired skills & knowledge. In which
case, remind me not to hire you ;-)

I'm sorry if I sound sarcastic, but I'm at the point of throwing in the
towel answering people's questions only to find out they don't give a
rat's behind about whatever reply they get.

Nonetheless, good luck, and I hope you belong to the salt of the earth
and take the advice to heart.

Rgds
Sh.
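
The three measures quoted above from the earlier reply (includes kept above the web root, `.inc` files blocked, session files moved out of `/tmp`), written out as an `.htaccess` file. This is an added example, not part of the original post; the `/home/exampleuser/...` paths are placeholders, and it assumes Apache 2.4 with mod_php and a host that allows these overrides.

```apache
# .htaccess in the web root (constructed example; all paths are placeholders)

# 1. Refuse direct HTTP requests for include files, so a request such as
#    /config.inc never returns raw PHP source to a browser.
<FilesMatch "\.inc$">
    Require all denied
</FilesMatch>

# 2. Resolve include()/require() from a directory above the web root.
#    Files stored there have no URL, so they cannot be fetched directly
#    even if rule 1 is missing or the extension differs.
php_value include_path ".:/home/exampleuser/includes"

# 3. Write session files to a directory inside the account instead of the
#    shared /tmp. The directory must exist and be writable by the user
#    PHP runs as.
php_value session.save_path "/home/exampleuser/sessions"
```

`php_value` is only honoured when PHP runs as an Apache module; under CGI or FastCGI the same two settings go in a per-directory `.user.ini` instead. On Apache 2.2 the block in rule 1 uses `Order allow,deny` and `Deny from all` in place of `Require all denied`.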

 
