ISPsystem.com Forums - PHP and Security

ISPsystem.com Forums (http://forum.ispsystem.com//index.php)

- General technical discussion (http://forum.ispsystem.com//forumdisplay.php?f=8)

- - PHP and Security (http://forum.ispsystem.com//showthread.php?t=850)

cbox	12-23-2009 01:04 AM

PHP and Security

Hi,

How are ISPmanager configured regarding PHP and security?

I can see that it supports mod_php, cgi and fastcgi. But how about safe_mode and open_basedir configuration?

Is it by default safe to use, or should there be additional php.ini configurations to make it safe enough? I think about disable functions etc.

Best regards
Sylvester Nielsen

slava

12-23-2009 09:54 PM

You can disable some functions and enable php safe mode in the global php.ini (for example in /etc/php/php.ini).
open_basedir by default configured for mod_php for user home directory in the apache configuration when you create www domain via ISPmanager

Also you can change default parameters for new users in the ISPmanager configuration file.

All parameters are safe for using in the default configuration and ready for web-hosting service.

sara145

12-24-2009 11:41 AM

I had the same problem

cbox	12-26-2009 01:20 PM

I just installed ISPmanager on a server and did a few tests.
I was able to do a cat /etc/passwd from the webhotel, which is not so good.

But i will do some more testing, and hopefully it turns out good. :-)

All times are GMT +2. The time now is 10:18 AM.