safe mode again

Forum Moderators: coopster

Message Too Old, No Replies

safe mode again

jackvull

9:51 am on Jan 4, 2006 (gmt 0)

Is safe mode of any use or is it enough to have safe mode off and safe mode GID set to ON?

Is there anything to be particularly aware of when runnning scripts with safe mode off?

I currently check all user input and strip out PHP/HTML tags and characters such as ; \ etc.
ANy other things to think of?

ergophobe

5:05 pm on Jan 4, 2006 (gmt 0)

I think of safe mode as primarily for shared hosts.

The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.

[us3.php.net...]

And RE restrictions on functions

[us3.php.net...]

jackvull

11:43 am on Jan 5, 2006 (gmt 0)

So, surely if you check all user input and apply strip_tags then an outside user wuoldn't actually be able to run system commands?

On the shared server side, if the safe mode GID check is still no but safe mode off, then all should also still be okay?

ergophobe

2:55 am on Jan 9, 2006 (gmt 0)

Since nobody's jumped in while I was out skiing...

check all user input

If you check all user input and nobody gets your account password, you should be safe from hackers, regardless of safe mode. You might still not be safe from yourself (i.e. prgramming error that really fouls things up).

safe mode again

jackvull

ergophobe

jackvull

ergophobe

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week