[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] PHP Security Questions RaQ4i

Subject: Re: [cobalt-users] PHP Security Questions RaQ4i
From: SM <nntp@xxxxxxxxx>
Date: Thu Dec 27 08:46:11 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi,
At 13:49 23-12-2001 -0500, Carrie Bartkowiak wrote:
>Got some questions regarding PHP security.
>
>-I've set safe_mode to 'On'. Can't see any difference in my scripts. 
>In what cases will other users w/ php scripts see differences?

You will see a different when you have this setting on and you use other
safe_mode_ settings (see php.ini for details).

>-With safe_mode on and the open_basedir set, should I still chmod my 
>database included password file to 700?

Yes, you should chmod the include files.  If you chmod it to 700, the web
server won't be able to read the file.

>-Should I turn magic_quotes_gpc off? I've got it on only because 
>PhpMyAdmin bitches about it.

You can leave magic_quotes_gpc on.  You may also wish to set
register_globals to off.  The PHP settings can be overriden with php_flag
"setting" in the .htaccess file if you permit AllowOverride.

Regards,
-sm

Prev by Date: Re: [cobalt-users] Email nightmare
Next by Date: [cobalt-users] secure ftp
Previous by thread: [cobalt-users] PHP Security Questions RaQ4i
Next by thread: [cobalt-users] Windows 2000 slow to access Qube2 files

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index