httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Res <...@ausics.net>
Subject Re: [users@httpd] Security settings in apache
Date Sun, 17 Jun 2007 22:40:18 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On Sun, 17 Jun 2007, makhan wrote:

>
> Thsnks man for your reply. I checked my php.ini file and the options which
> you told me. They are not set . and I am not in the safe mode either so this
> exec function should work. I have checked even a simple commands like data
> or ls are not working correctly. Can you help me out what could be the
> reason. I think it has something to do with some paths
>


in php.ini, change
 	display_errors = Off   ; to On

then comment out:
 	error_reporting  =  E_ALL & ~E_NOTICE
and insert:
 	error_reporting  =  E_ALL

restart apache and try again, this should show whats wrong, as it is php 
related you will probably have to go to a php forum for further help, as 
its not apache causing the problems

once you get it sorted remember to delete the new line above and 
uncomment the original, and change display errors back to off, you dont 
want people going to your site to see any and every error :)



>
>
> Res-2 wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> NotDashEscaped: You need GnuPG to verify this message
>>
>> On Sun, 17 Jun 2007, makhan wrote:
>>
>>>
>>> Hi
>>>
>>> I am  trying to run an external program from the php using its exec()
>>> function. But its not executing the program I think the issue is with the
>>> apache security setting i.e its not allowing external requests to execute
>>> programs on the server.
>>>
>>> Can someone please guide me how I can enable these settings.
>>
>> If your not root, you can't, this is a very common lockdown in php
>> by host providors (at these those that know what they are doing) to
>> help prevent script kiddies playing up.
>>
>> If you are root, look in your php.ini for disable_functions, make sure you
>> understand the serious risks of allowing this function (amongst others)
>> before you allow it, then consult google or php.net.
>>
>> You might also need to check the open_basedir option as well.
>>
>> If you are a script kiddie, its only a mater of time before you are
>> caught and locked up.
>>
>>
>> --
>> Cheers
>> Res
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.7 (GNU/Linux)
>>
>> iD8DBQFGdawLsWhAmSIQh7MRAtDbAKCtYLgM7oVP0IPp0Djq1TT5Cf/bugCeLZi+
>> FVuqRvlPCqC7+3MwSi9QVFU=
>> =7HHz
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>
>

-- 
Cheers
Res
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGdbhTsWhAmSIQh7MRArolAJ9/PVuXkyp1lFNnfubGdu4bTSalCwCfef8e
Mi5SkqEK87Abk+z0IBd9nig=
=y0+Q
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message