Jason Davidson wrote:
Anywys.. heres the question.. what do you think is the most viableAll of those and a many more things besides!
solution for security. 1. run apache in chroot envirnment.
2. run php in safe_mode
3. simply str_replace all filesystem functions with nothing.
4. use the disable_function settings to disable filesystem functions...
5. .all of these 6. none of these.... 7 . other.
for example the mail() function can send mail through the localy installed smtp server without a username and password so you need to watch for the mail function or perhaps even attempts to open a socket on localhost host. You will then need to watch out for include or fopen urls that will eat up bandwidth or worse.
all in all i think this is pretty dangerous.
THanks Jason
-- Raditha Dissanayake. ------------------------------------------------------------------------ http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
