Thanks! What would people reccommend? 1) just using safe mode
2) using open_basedir and disable_functions 3) all of the above? 4) Just shutoff the server :) If (2) or (3) what functions are most at risk? I understand that safe_mode limits quite a few already. Regards, Joseph -----Original Message----- From: Tamas Arpad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 24 October 2001 11:01 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] Enabling php in only certain hosts and directories On Wednesday 24 October 2001 08:19, you wrote: > Well, php runs the same as apache, so whatever apache can access, > php can access. > So any files with the db passwords that need to be accessed by php, > can be seen by all users who can upload php scripts to your server. That's not completely true. You can use open_basedir, safe_mode settings in apache's configuration, based on virtualhosts or even directories. This way you can restrict users, virtual hosts to their own directories. Arpi > > Hello all, > > > > I am just configuring up a new web server, and I want to be able > > to run php only in the web servers main document root and in > > specified virtual hosts, I have a fair understanding on how to go > > about this, but would really like some feedback before I get to > > far into it. Basically the only directories I don't want to be > > able to use php are all the user directories (/~username) unless > > they have been mapped to a virtual host that has the right > > directives in them to enable php. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
