PHP Safe Mode?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


I was wondering how insecure a server gets when disabling PHP safe mode?
I saw that some wikis and CMS need PHP safe mode to be disabled.
Disabling something called "safe mode" lets my alarm bells go wild, so
should I skip these kinds of CMS/Wikis or is it okay to tell my ISP to
diable safe mode without taking too much risk?

I'm not sure.


Matthias Kaeppler

Re: PHP Safe Mode?

Quoted text here. Click to load it

Most scripts need SM disabled, and it's ok.
Most hosts secure their PHP offering via the php.ini


Re: PHP Safe Mode?

Quoted text here. Click to load it

Pretty insecure so you have to secure it by other means
e.g. mod_security in Apache plus greater firewalling of certain ports
because what people will do is try and upload DOS attack scripts via image
gallery scripts (or avatar uploads in bulletin boards) using character
substitution hacks.

Gordon Hudson || Ltd
e-mail:ghudson [at] Host 5 web sites for $9 per month Domain Names with free hosting and email $15

Site Timeline