Jump to content

Recommended Posts

Hello All,

I am looking for knowledge on some things in my php.ini file.

My hosting company turns off the safe mode, is that usual?

What happens if I turn on the Safe Mode?

What happens if I turn it On?

 

Somehow, someone inserted a bit of code on one of my files.

It was a passthru() and it showed a list of folders and files inside the folder the passthru() was in.

 

Can someone help me with some security information?

Thanks for any help,

jmr3460

Link to comment
https://forums.phpfreaks.com/topic/211987-knowledge-for-phpini/
Share on other sites

Thanks for the link.

I just downloaded the manual (.chm).

Maybe I can get more out of that as far as security.

Someone hacked my one of my sites by using ?cmd=ls.

How can I stop this from happening again?

 

Is there a way to block the passthru()?

I have been doing a little studying and I am seeing a couple of things I am going to change.

First after I have the site developed and tested on the online server I am going to turn off

display_error in php.ini for one. This is one thing that this guy told me he saw an error at

the bottom of the page and was able to do a $_GET and see all of the files and folders in

that folder. It came up as a warning or notice first.

 

I have a question about the php.ini file. Can I use a php.ini file that I create from the existing

one that my hosting service provides? Or does anyone think that that is a bad idea? Some of

the stuff on this file is about Things I am not using.  I guess I am really asking if I can customize

my php.ini or is every line required? 

I guess I am really asking if I can customize my php.ini or is every line required?

 

This completely depends on how php was configured. Some hosting use a single global php.ini maintained by the host themselves.

 

If php has been configured to execute as cgi (which is slower) hwoever, you can usually have your own php.ini within your document root. In this ini file, you can customize what you want. Anything not within this file will be populated from the global ini.

 

PHP5.3 also now allows per site php.ini's to be configured even when php is installed as an Apache module.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.