Jump to content

php filesafe and security problems


ozux

Recommended Posts

Hi everybody,

We are providing Shared webhosting services on Apache webserver and PHP5 and Mysql+Postgres and we have a problem --A big security one!.

 

Our problem is related to php safe_mod, if I disable (off) this mod, every user can execude what they want or she can use some sort of shell programs like (php_shell) and in other hand our customers need safe_mod for some applications like OSCommerce, Self made  Applications and so on, Now:

 

"How Can I enable safe_mod but restrict users to run system commands through PHP or installling malicious application like php_shell that can be harmful for other users on shared host?"

Link to comment
Share on other sites

You can setup PHP to disable certain functions/classes which will prevent users from using these function in thier scripts.

 

; This directive allows you to disable certain functions for security reasons.

; It receives a comma-delimited list of function names. This directive is

; *NOT* affected by whether Safe Mode is turned On or Off.

disable_functions =

 

; This directive allows you to disable certain classes for security reasons.

; It receives a comma-delimited list of class names. This directive is

; *NOT* affected by whether Safe Mode is turned On or Off.

disable_classes =

Link to comment
Share on other sites

Thanks, It's useful.

 

and other thing: Is it possible to log every file access by php? I want to create a log in my server that shows me which Virtual Host executes which php file. Now we have session logging  with "session.save_path" variable but it just logs the Sessions activities.

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.