CHAPTER 21 SECURE PHP PROGRAMMING

Note that specifying a particular path without a trailing slash will cause all directories falling under that path to also be ignored by the safe mode setting. For example, setting this directive to /home/configuration means that /home/configuration/templates/ and /home/configuration/passwords/ are also exempt from safe mode restrictions. Therefore, if you'd like to exclude just a single directory or set of directories from the safe mode settings, be sure to conclude each with the trailing slash.

safe_mode_allowed_env_vars (string)
Scope: PHP_INI_SYSTEM; Default value: "PHP_"

When safe mode is enabled, you can use this directive to allow certain environment variables to be modified by the executing user's script. You can allow multiple variables to be modified by separating each with a comma.

safe_mode_exec_dir (string)
Scope: PHP_INI_SYSTEM; Default value: NULL

This directive specifies the directories in which any system programs reside that can be executed by functions such as system(), exec(), or passthru(). Safe mode must be enabled for this to work. One odd aspect of this directive is that the forward slash (/) must be used as the directory separator on all operating systems, Windows included.

safe_mode_protected_env_vars (string)
Scope: PHP_INI_SYSTEM; Default value: LD_LIBRARY_PATH

This directive protects certain environment variables from being changed with the putenv() function. By default, the variable LD_LIBRARY_PATH is protected, because of the unintended consequences that may arise if this is changed at run time. Consult your search engine or Linux manual for more information about this environment variable. Note that any variables declared in this section will override anything declared by the safe_mode_allowed_env_vars directive.

Other Security-Related Configuration Parameters

This section introduces several other configuration parameters that play an important role in better securing your PHP installation.
disable_functions (string)
Scope: PHP_INI_SYSTEM; Default value: NULL

For some, enabling safe mode might seem a tad overbearing. Instead, you might want to just disable a few functions. You can set disable_functions equal to a comma-delimited list of function names that you want to disable. Suppose that you want to disable just the fopen(), popen(), and file() functions. Just set this directive like so:

    disable_functions = fopen,popen,file

Note that this directive does not depend on whether safe mode is enabled.
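To confirm that the setting above is in effect for a given runtime, the following added example (not code from the book) audits the effective disable_functions value. The helper names parse_disabled() and audit_disabled() and the policy list are assumptions made for illustration.

```php
<?php
// Added example: audit the effective disable_functions setting of the
// PHP runtime that executes this script. Helper names are hypothetical.

/** Split a disable_functions value into lowercase function names. */
function parse_disabled(string $raw): array
{
    $names = array_map('trim', explode(',', strtolower($raw)));
    return array_values(array_filter($names, 'strlen')); // drop empty items
}

/**
 * For each function the policy requires to be off, report whether it is
 * listed in disable_functions and whether it can still be called.
 */
function audit_disabled(array $required, string $raw): array
{
    $disabled = parse_disabled($raw);
    $report = [];
    foreach ($required as $fn) {
        $fn = strtolower($fn);
        $report[$fn] = [
            'listed'   => in_array($fn, $disabled, true),
            // function_exists() returns false for a built-in function
            // that disable_functions has switched off.
            'callable' => function_exists($fn),
        ];
    }
    return $report;
}

// Policy list taken from the directive example above.
$required = ['fopen', 'popen', 'file'];
$report = audit_disabled($required, (string) ini_get('disable_functions'));

$failed = false;
foreach ($report as $fn => $s) {
    $ok = $s['listed'] && !$s['callable'];
    $failed = $failed || !$ok;
    printf("%-6s listed=%-3s callable=%-3s %s\n", $fn,
        $s['listed'] ? 'yes' : 'no',
        $s['callable'] ? 'yes' : 'no',
        $ok ? 'OK' : 'NOT DISABLED');
}

// A non-zero exit status lets a deployment check fail the build.
exit($failed ? 1 : 0);
```

Run it under the same SAPI (web server module, FPM pool, or CLI) whose configuration you want to check, because each may load a different php.ini.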