On Thursday 27 June 2002 02:49, Jason G Trusty wrote:
> Hello,
>
> I read the support pages at php.net regarding php.ini. Am I correct in the
> assumption that so long as you have php compiled as a module for apache
> that you can then use apache style directives to override the default
> php.ini?

If php is compiled as an Apache module then yes you can use apache style
directives to override the default php.ini.

> Furthermore, are these override directives allowed in a vhost container?
> Given the example vhost container (taken from my existing server setup):
>
> <VirtualHost 127.0.0.1:80>
> ServerAdmin [EMAIL PROTECTED]
> ServerName www.example.com
> ServerAlias *.example.com
>
> php_value open_basedir = "e:\www\htdocs"

I don't think you need the '=' sign. In fact apache (1.3.26) wouldn't start if
you have the '='.

> Would the additional directive I have added (php_value open_basedir =
> "e:\www\htdocs") restrict php from executing any code, scripts and/or
> functions from being executed for this virtual host only by limiting it to
> the vhost's home directory

For "open_basedir" it's slightly different:

  php_admin_value open_basedir "e:\www\htdocs"

Not sure whereabouts in the manual php_value VS php_admin_value is documented
but there is an example in the chapter "Safe Mode".

> I am obviously running apache/php/mysql in a Windows environment and I am
> worried about security. Currently (using php) I can execute/issue any
> command or function of my choosing with no restrictions whatsoever. For
> example: I can create/delete directories, files etc.... This is obviously
> not a secure environment for virtual hosting.

If you're concerned about security then just specifying open_basedir is NOT
enough. For instance, on Linux at least, one can easily circumvent it by
running system commands e.g.:

  exec('cat /etc/passwd');
  echo `cat /etc/passwd`;

Thus you should always define 'safe_mode_exec_dir' as well.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
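
An added example, not part of the original message: a small Python check that flags the three problems discussed in this thread in a vhost block (an '=' in a php_value line, open_basedir set with php_value rather than php_admin_value, and open_basedir without safe_mode_exec_dir). Both vhost samples are constructed, and the function name audit_vhost and the e:\www\bin path are assumptions.

```python
import re

# Constructed sample: the vhost as posted in the question ('=' and php_value).
SAMPLE_VHOST = r'''
<VirtualHost 127.0.0.1:80>
    ServerName www.example.com
    ServerAlias *.example.com
    php_value open_basedir = "e:\www\htdocs"
</VirtualHost>
'''

# Constructed sample: the form the reply recommends (exec dir path is assumed).
FIXED_VHOST = r'''
<VirtualHost 127.0.0.1:80>
    ServerName www.example.com
    php_admin_value open_basedir "e:\www\htdocs"
    php_admin_value safe_mode_exec_dir "e:\www\bin"
</VirtualHost>
'''

# directive, setting name, optional stray '=', remainder (the value)
DIRECTIVE = re.compile(
    r'^\s*(php_(?:admin_)?(?:value|flag))\s+([^\s=]+)\s*(=?)\s*(.*)$', re.I)

def audit_vhost(text):
    """Return (line_no, message) findings; line_no 0 means block-level."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # skip Apache comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, name, equals, _value = m.groups()
        directive, name = directive.lower(), name.lower()
        seen[name] = directive
        if equals:
            findings.append((no, "'=' after %s: Apache would not start" % name))
        if name == 'open_basedir' and not directive.startswith('php_admin_'):
            findings.append((no, "open_basedir set with %s; use php_admin_value"
                             % directive))
    if 'open_basedir' in seen and 'safe_mode_exec_dir' not in seen:
        findings.append((0, "open_basedir without safe_mode_exec_dir: "
                            "exec()/backticks are not confined"))
    return findings

if __name__ == '__main__':
    for no, msg in audit_vhost(SAMPLE_VHOST):
        print(no, msg)
```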