Hallo. Am Montag, 20. Juni 2005 14:37 schrieb Stefan Esser: > do yourself a favour and do not use safe_mode. safe_mode is not, was > never and simply can never be secure. It is deprecated. > > There are simply too many ways to break out of safe_mode through 3rd > party libraries like f.e. libcurl. Yes, I fully acknowledge this. I also don't like safe_mode as a user, it creates trouble with script-uploaded-files and so on. safe_mode sucks and is deprecated BUT there's no working alternative for PHP used as an apache module! If you restrict some 3rd party libs, it's "secure enough" (I know that this term should never be said). Using plain mod_php for user-scripts without safe_mode is not an alternative because user's can run any script and read any file the webserver has access to via the webserver's user ID! That's why I'm interested in suphp. What do you suppose for a regular shared hosting including user-uploaded scripts? PHP via CGI? Is that better than suphp? I don't think that's much of a difference. cu, Bernd -- Wenn Freiheit überhaupt etwas bedeutet, dann vor allem das Recht, anderen Leuten das zu sagen, was sie nicht hören wollen. - George Orwell
Attachment:
pgpJcANd4sIvk.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/