PHP safemode

Can anything bad happen running your server with PHP safe mode off? I am having a hard time getting vBulletin to work with safemode on. I keep getting errors when uploading avatars.

[Join us @ facebook]

It depends on your code.

If you execute exec() commands the you may have problems.

Also you should check if someone using your code can have read/write access to anywhere outside your www directory.

I am running PHP with the following   disable_functions = "exec,system,passthru,readfile,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,parse_ini_file,show_source,curl_exec"

Think I am safe?

[Join us @ facebook]

To be honest I never take a good look to this issue as the sites that I host in my own server are sites of my clients (meaning that none of them can upload a php file, all the updates are done through my cms)

Now the problem that I think you may have, is that the user will be able to view the code of your other sites, or even change it. php is running through the apache user, so it has actually access to the whole of the htdocs tree.

I am the only user on the server, I am only running 2 websites on the server. 1 static website and my forum. The server is in the process of moving to the data center, It should be online monday. I am going to enable safemode again and mess with it some more. vBulletin is a pain in the rear, I have had nothing but problems getting it to work.

[Join us @ facebook]

If you are the only user in the server, then you don't really have to enable safe mode.

Safe mode is not protecting you from outside, but inside the server. I mean that safe mode can protect you from people that using the same server and upload their pages there.

If you plan not to share your server, then it is totally useless.

On the other hand, even if you plan to share it, you can allways enable it/disable on a per host basis.

[Guest]

[38.657]

Yahoo crawler, Googlebot, Baidu Spider