PHP safe mode, how safe is it really?

Got a software or hardware problem? Ask your questions here

Moderator: SG Admins

Post Reply
bartender
pe0n
pe0n
Posts: 32
Joined: Tue Oct 29, 2002 7:19 pm
Location: Oxford

PHP safe mode, how safe is it really?

Post by bartender »

Could someone please advice me whether turning safe mode off is a mayor security risk? If it is, is there ways in which you can minimise these risks?

Cheers for any advice or links
Mark
User avatar
uatec
Mega-pe0n
Mega-pe0n
Posts: 199
Joined: Sun Oct 27, 2002 10:17 pm
Location: London
Contact:

Post by uatec »

i have not heard of this safe mode? what exactly does it do?
Moo!
PeteTheHair
LAN Admin-Monkey
LAN Admin-Monkey
Posts: 259
Joined: Sun Oct 27, 2002 5:03 pm
Location: Basingstoke
Contact:

Post by PeteTheHair »

From very brief research (and I've been to the pub ;) ), it seems PHP safe mode makes no difference if your only running your scripts on your server. It imposes a set of restrictions on the files you can open, system commands you can run, and the environment variables that you can set.

If you're running a server that other people (that you don't trust) will be running scripts on, in an ISP kind of way, it'd be worth looking into more closely (as would all the PHP security chapter... don't run what you don't understand). However, for my home Apache install, I'm happy to leave this off.

The full details are at http://php3.de/manual/en/features.safe- ... .safe-mode for those that are interested...

Apologies if that didn't make a lot of sense :)
Pete
"If at first you don't succeed, call it Version 1"
Post Reply