Michael A. Peters wrote:
Chris wrote:
Yes, I read the documentation on how to make them play nice, and to
me it is unacceptable to change suhosin settings intended to protect
my users and my site from a malicious user so that I can use a web
app that is not open to the public.
No idea what the problems are (couldn't find a list of what the
problems are) but
Can you change the suhosin settings with a .htaccess? With the apache
htpasswd protection it should be ok to disable some stuff for a
particular directory.
I don't think you can change suhosin directive in a .htaccess file.
Yes - you can (well, I didn't try in .htaccess - I did so in the apache
config file itself).
That solves everything :)
<Directory "/srv/shastaherps/phpMyAdmin-3.1.3.1-english">
AuthUserFile /somesecretpath/.htpasswd
AuthType basic
Require valid-user
AuthName "Authentication Required"
php_flag suhosin.executor.disable_eval Off
</Directory>
At least that works (allowing me to disable eval everywhere else) - so
I'm guessing it should work with the other stuff as well.
Thanks for the suggestion, I just assumed it wouldn't work as changing
suhosin stuff via ini_set doesn't seem to work (understandably).
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
