jmr3460 Posted August 29, 2010

Hello All,

I am looking for knowledge on some things in my php.ini file. My hosting company turns off the safe mode, is that usual? What happens if I turn on the Safe Mode? What happens if I turn it On? Somehow, someone inserted a bit of code on one of my files. It was a passthru() and it showed a list of folders and files inside the folder the passthru() was in. Can someone help me with some security information?

Thanks for any help,
jmr3460

trq Posted August 29, 2010

http://php.net/manual/en/ini.list.php

jmr3460 Posted August 29, 2010

Thanks for the link. I just downloaded the manual (.chm). Maybe I can get more out of that as far as security. Someone hacked one of my sites by using ?cmd=ls. How can I stop this from happening again? Is there a way to block the passthru()?

wildteen88 Posted August 30, 2010

They most probably managed to hack your site due to a vulnerability within your code, not so much how PHP is configured. You should make sure your code is secure first.

jmr3460 Posted September 3, 2010

I have been doing a little studying and I am seeing a couple of things I am going to change. First, after I have the site developed and tested on the online server, I am going to turn off display_error in php.ini, for one. This is one thing that this guy told me: he saw an error at the bottom of the page and was able to do a $_GET and see all of the files and folders in that folder. It came up as a warning or notice first.

I have a question about the php.ini file. Can I use a php.ini file that I create from the existing one that my hosting service provides? Or does anyone think that that is a bad idea? Some of the stuff in this file is about things I am not using. I guess I am really asking if I can customize my php.ini or is every line required?

trq Posted September 3, 2010

"I guess I am really asking if I can customize my php.ini or is every line required?"

This completely depends on how php was configured. Some hosts use a single global php.ini maintained by the host themselves. If php has been configured to execute as cgi (which is slower), however, you can usually have your own php.ini within your document root. In this ini file, you can customize what you want. Anything not within this file will be populated from the global ini.

PHP5.3 also now allows per site php.ini's to be configured even when php is installed as an Apache module.

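Because the thread turns on which php.ini is actually in effect, whether errors are shown to visitors, and whether passthru() can be called, here is an added example (not code from any poster in this thread) that prints those effective values for the current server. The `disable_functions` directive and the list of command-running functions checked are this example's own choices; the thread itself only names passthru().

```php
<?php
// Added example (not from the thread): print the effective values of the
// settings discussed above. Request it through the web server, since the CLI
// and the web SAPI can load different php.ini files.

// ini_get() returns strings such as "1", "On", "0", "Off", "" or "stderr".
function ini_flag_on($name)
{
    $value = strtolower(trim((string) ini_get($name)));
    return !in_array($value, array('', '0', 'off', 'false', 'no'), true);
}

// Functions that run operating-system commands; passthru() is the one in the
// thread, the others are this example's additions.
$commandFunctions = array('passthru', 'exec', 'shell_exec', 'system', 'popen', 'proc_open');

// disable_functions is a comma-separated list read from php.ini.
$disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));

$report = array();
$report[] = 'SAPI: ' . php_sapi_name();
$report[] = 'Loaded php.ini: ' . (php_ini_loaded_file() ?: '(none)');
$report[] = 'Additional ini files: ' . (php_ini_scanned_files() ?: '(none)');
$report[] = 'display_errors: '
    . (ini_flag_on('display_errors') ? 'ON (errors are shown to visitors)' : 'off');
$report[] = 'log_errors: '
    . (ini_flag_on('log_errors') ? 'on' : 'OFF (errors are not logged)');

foreach ($commandFunctions as $function) {
    // A function listed in disable_functions cannot be called by any script.
    $blocked = in_array($function, $disabled, true) || !function_exists($function);
    $report[] = sprintf('%s(): %s', $function, $blocked ? 'disabled' : 'CALLABLE');
}

header('Content-Type: text/plain');
echo implode("\n", $report), "\n";
```

Remove the script from the server once the values have been checked, since it reveals configuration details to anyone who requests it.
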
jmr3460 Posted September 3, 2010

Thanks for your reply. I am trying to learn more on security.