|  | Posted by Willem Bogaerts on 05/02/07 07:29 
> I'm trying to disable safe mode from my php installation. First> because this functionality will be removed in PHP6, and because it's
 > very restrictive and it's giving me headaches when configuring
 > frameworks and other applications. Moreover, it's said on the php
 > website that the safe mode solution is not a good thing... I'm looking
 > for a tutorial which indicates what to configure on a server in order
 > to have a secured installation of PHP, but without safe mode. I can't
 > find it...
 
 If you see the documentation of safe mode, you see it starts by saying
 this really should be done on the server itself. However, this is
 OS-specific, so it is not easy to give any details without knowing the
 OS that will run the page.
 
 In general, the web server itself will run as a user that is known to
 the OS. This user should be given enough rights to run the site, but too
 little rights to do more harm to the system. It mainly comes down to
 rights management. The rights can (and should!) be set correctly on the
 OS, but can (and should!) be given in the web server as well for the
 site users.
 
 One approach is to have a directory for your site that is accessible to
 the web server process on OS-level, with a subdirectory in it that is
 served, and therefore publicly accessible (called the web root, usually
 "htdocs" or "www"). Deny directory browsing and set an index page on the
 web server level. Put your library php files outside the web root, so
 they can only be called from php, but never directly from a web browser.
 
 Best regards,
 --
 Willem Bogaerts
 
 Application smith
 Kratz B.V.
 http://www.kratz.nl/
 [Back to original message] |