> -----Original Message----- > From: Michael Stauber [mailto:mstau...@blueonyx.it] > Sent: Friday, April 27, 2012 11:57 AM > To: BlueOnyx General Mailing List > Subject: [BlueOnyx:10367] Re: open_basedir restriction in effect. > > Hi Stephanie, > > > Isn't the point of open_basedir to limit what a php script can open > to > > things that are in specific places? Doesn't it completely negate > > open_basedir to simply assign it "/" making everything accessible > to php - > > certainly many configuration files, etc. that one might not desire > be > > visible to anyone. Effectively it removes the open_basedir > directive. > > Of course. But hey, if people start to spread data all over the place > and need > their scripts to access /var and what not, then security is right out > of the > window anyway. > > With best regards > Michael Stauber
Wasn't the directory outside their open_basedir their web root? If the web root for a site isn't within the open_basedir, then I think something must be amiss. The path that generated the error was: /home/.sites/70/site4/web/ a BX path to a web site root. I presume their own site's web root... Adding that path to the open_basedir setting for that site would seem the more prudent path... Maybe I'm a little on the paranoid side, but given the number of exploits running about the web I don't want to give up information about my server more than I might. Open_basedir is an important part of that. -Stephanie _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx