Hello,
I read the support pages at php.net regarding php.ini. Am I correct in the
assumption that so long as you have php compiled as a module for apache that
you can than use apache style directives to override the default php.ini?
Furthmore, are these override directives allowed in a vhost container? Given
the example vhost container (taken from my existing server setup):
<VirtualHost 127.0.0.1:80>
ServerAdmin [EMAIL PROTECTED]
ServerName www.example.com
ServerAlias *.example.com
php_value open_basedir = "e:\www\htdocs"
DocumentRoot E:/www/htdocs
<Directory E:/www/htdocs>
Options IncludesNoExec MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /logs/ "c:/Apache2/logs/www/"
<Directory "c:/Apache2/logs/www/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog c:/apache2/logs/www/error.log
CustomLog c:/apache2/logs/www/access.log common
TransferLog c:/apache2/logs/www/access.log
</VirtualHost>
Would the additional directive I have added (php_value open_basedir =
"e:\www\htdocs") restrict php from executing any code, scripts and/or
fuctions from being executed for this virtual host only by limiting it to
the vhosts home directory?
I am obviously running apache/php/mysql in a Windows environment and I am
worried about security. Currently (using php) I can execute/issue any
command or function of my choosing with no restrictions whatsoever. For
example: I can create/delete directories, files etc.... This is obviously
not a secure environment for virtual hosting.
Any help concerning this matter would be appreciated.
Cheers,
JTrusty
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
