Re: ini_set() security question

On Tue, May 29, 2007 10:19 am, Samuel Vogel wrote:
> I would be very interested in knowing which options, that are
> accessible with PHP_INI_ALL or PHP_INI_PERDIR, could be risky to
> allow on a shared hosting server.

php.ini_recommended is a good starting point, I think...

> I would like to allow the users to ini_set(), while disabling the
> risky options with php_admin_flag/value!

I don't think php_admin_* can be over-ridden -- that's kinda the whole
point of that.

> Stuff like 'memory_limit' and so on come to my mind!

If you're going to use memory_limit on shared hosting, PLEASE make it
a reasonable value!

The default php.ini setting doesn't even run some of the larger common
packages out there.

And something like a simple photo album trying to generate thumbnails...

You may want to have a very different default php.ini for the CLI php
and give (some) users SSH access, on request, so they can do
reasonable things like make thumbnails in a background task.

> Does anybody have more infos on this?

I would guess that there are mailing lists and forums dedicated to
webhosting, and that many many many of them would have much better
info than PHP-General, since many hosts are running PHP.

You could also try contacting reputable webhosts you think "do it
right" directly and ask them what they do.

And, finally, you could work backwards by asking your potential
customers what they need.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
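
Added example, not part of the original message: a small PHP probe a host can run inside a customer vhost to confirm which directives are actually locked against ini_set(), as values set with php_admin_value are. The vhost fragment in the header comment, the path, the directive list and the probe values are constructed for illustration.

```php
<?php
// Constructed Apache (mod_php) fragment this probe is meant to check.
// Path and values are placeholders, not taken from the thread:
//
//   <Directory /home/example-user/public_html>
//       php_admin_value memory_limit 64M       # locked for .htaccess and ini_set()
//       php_value       max_execution_time 30  # default only, user may override
//   </Directory>

/**
 * Try to change a directive at runtime and report whether PHP refused.
 * ini_set() returns the old value on success and false on failure.
 * "locked" covers both php_admin_* values and directives whose
 * changeable mode is PHP_INI_SYSTEM or PHP_INI_PERDIR.
 */
function probe_directive(string $name, string $probeValue): array
{
    $before = ini_get($name);
    if ($before === false) {
        return ['name' => $name, 'status' => 'unknown directive', 'value' => null];
    }

    $result = @ini_set($name, $probeValue);
    if ($result === false) {
        return ['name' => $name, 'status' => 'locked', 'value' => $before];
    }

    ini_set($name, $before); // put the original value back
    return ['name' => $name, 'status' => 'user-changeable', 'value' => $before];
}

// Constructed probe list: directive => value a script might try to set.
$probes = [
    'memory_limit'       => '512M',
    'max_execution_time' => '300',
    'error_reporting'    => '0',
];

foreach ($probes as $name => $value) {
    $r = probe_directive($name, $value);
    printf("%-20s %-18s current=%s\n",
        $r['name'], $r['status'], var_export($r['value'], true));
}
```

Run it through the web server rather than the CLI, since the CLI reads a different configuration and never sees the per-directory php_admin_* settings.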

