On Thursday 27 June 2002 02:49, Jason G Trusty wrote:
> Hello,
>
> I read the support pages at php.net regarding php.ini. Am I correct in the
> assumption that so long as you have php compiled as a module for apache
> that you can then use apache style directives to override the default
> php.ini?
If php is compiled as an Apache module then yes you can use apache style
directives to override the default php.ini.
> Furthermore, are these override directives allowed in a vhost container?
> Given the example vhost container (taken from my existing server setup):
>
> <VirtualHost 127.0.0.1:80>
> ServerAdmin [EMAIL PROTECTED]
> ServerName www.example.com
> ServerAlias *.example.com
>
> php_value open_basedir = "e:\www\htdocs"
I don't think you need the '=' sign. In fact apache (1.3.26) wouldn't start if
you have the '='.
> Would the additional directive I have added (php_value open_basedir =
> "e:\www\htdocs") restrict php from executing any code, scripts and/or
> functions from being executed for this virtual host only by limiting it to
> the vhosts home directory
For "open_basedir" it's slightly different:
php_admin_value open_basedir "e:\www\htdocs"
Not sure whereabouts in the manual php_value VS php_admin_value is documented
but there is an example in the chapter "Safe Mode".
> I am obviously running apache/php/mysql in a Windows environment and I am
> worried about security. Currently (using php) I can execute/issue any
> command or function of my choosing with no restrictions whatsoever. For
> example: I can create/delete directories, files etc.... This is obviously
> not a secure environment for virtual hosting.
If you're concerned about security then just specifying open_basedir is NOT
enough. For instance, on Linux at least, one can easily circumvent it by
running system commands eg:
exec('cat /etc/passwd');
echo `cat /etc/passwd`;
Thus you should always define 'safe_mode_exec_dir' as well.
--
Jason Wong -> Gremlins Associates -> www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
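
The reply makes three checkable points about a vhost: no '=' in a php_value/php_admin_value line, open_basedir set with php_admin_value rather than php_value, and safe_mode_exec_dir defined wherever open_basedir is. The Python script below audits a config for those three points; it is an added example, not part of the original message, and the function name, finding strings and second sample vhost are constructed for illustration.

```python
import re

# Constructed sample: the vhost from the question, plus a second (hypothetical)
# vhost written the way the reply recommends.
SAMPLE_CONF = r'''
<VirtualHost 127.0.0.1:80>
    ServerName www.example.com
    php_value open_basedir = "e:\www\htdocs"
</VirtualHost>
<VirtualHost 127.0.0.1:80>
    ServerName other.example.com
    php_admin_value open_basedir "e:\www\other"
    php_admin_value safe_mode_exec_dir "e:\www\other\bin"
</VirtualHost>
'''

# directive keyword, PHP setting name, optional stray '=', value
PHP_DIRECTIVE = re.compile(
    r'^(php_(?:admin_)?(?:value|flag))\s+([\w.]+)\s*(=)?\s*(.*)$', re.I)

def audit_vhosts(conf_text):
    """Return {ServerName: [findings]} for every <VirtualHost> block."""
    report, findings, name, seen = {}, None, None, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith('<virtualhost'):
            findings, name, seen = [], '(unnamed)', set()
        elif findings is None:
            continue                      # outside any vhost block
        elif low.startswith('</virtualhost'):
            # Reply: open_basedir alone is not enough.
            if 'open_basedir' in seen and 'safe_mode_exec_dir' not in seen:
                findings.append('open_basedir without safe_mode_exec_dir')
            report[name], findings = findings, None
        elif low.startswith('servername'):
            name = line.split(None, 1)[1]
        else:
            m = PHP_DIRECTIVE.match(line)
            if not m:
                continue
            kind, setting, equals, _value = m.groups()
            kind, setting = kind.lower(), setting.lower()
            seen.add(setting)
            if equals:                    # Reply: Apache 1.3.26 would not start
                findings.append(f"'=' in {kind} {setting}")
            if setting == 'open_basedir' and kind == 'php_value':
                findings.append('open_basedir set with php_value, not php_admin_value')
    return report
```
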