Reply to Urgent | Info Required | PHP ini_set — PHP Programming Language

Posted by TJ on 11/08/06 07:28

Hello All,

We have a client who is providing Web Hosting Solutions. One of the
features include PHP Scripting.
For security reasons, we have disabled some PHP Functions including
'ini_set'. Some end customers actually want this function to be
enabled.

We have analyzed the list of directives which are available via
'ini_set' (PHP_INI_ALL). Refer: http://in.php.net/manual/en/ini.php

For us, this is a critical decision to make as some of the
configuration like memory_limit can be misused by customers.

We are using PHP v4.4.0 (ISAPI based) on Windows Server 2003 (IIS 6.0).
Also, PHP is running under 'Safe Mode' hence max_execution_time cannot
be overridden with ini_set.

Questions:
1. Can we disable some critical PHP Directives (changeable as
PHP_INI_ALL) so that even with 'ini_set', user cannot override them? If
yes, how?
2. Is there any other way of securing the web server with ini_set
enabled?

Thanks in advance.
~TJ

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация