httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From makhan <emoaz...@yahoo.com>
Subject Re: [users@httpd] Security settings in apache
Date Sun, 17 Jun 2007 22:04:38 GMT

Thsnks man for your reply. I checked my php.ini file and the options which
you told me. They are not set . and I am not in the safe mode either so this
exec function should work. I have checked even a simple commands like data
or ls are not working correctly. Can you help me out what could be the
reason. I think it has something to do with some paths 



Res-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
> 
> On Sun, 17 Jun 2007, makhan wrote:
> 
>>
>> Hi
>>
>> I am  trying to run an external program from the php using its exec()
>> function. But its not executing the program I think the issue is with the
>> apache security setting i.e its not allowing external requests to execute
>> programs on the server.
>>
>> Can someone please guide me how I can enable these settings.
> 
> If your not root, you can't, this is a very common lockdown in php 
> by host providors (at these those that know what they are doing) to 
> help prevent script kiddies playing up.
> 
> If you are root, look in your php.ini for disable_functions, make sure you 
> understand the serious risks of allowing this function (amongst others)
> before you allow it, then consult google or php.net.
> 
> You might also need to check the open_basedir option as well.
> 
> If you are a script kiddie, its only a mater of time before you are 
> caught and locked up.
> 
> 
> -- 
> Cheers
> Res
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> 
> iD8DBQFGdawLsWhAmSIQh7MRAtDbAKCtYLgM7oVP0IPp0Djq1TT5Cf/bugCeLZi+
> FVuqRvlPCqC7+3MwSi9QVFU=
> =7HHz
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Security-settings-in-apache-tf3937147.html#a11167416
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message