[nycphp-talk] Pair Network's "security" model - could it be this bad?
Chris Snyder
csnyder at chxo.com
Tue Jun 1 14:51:35 EDT 2004
Jayesh Sheth wrote:

> - scripts are disabled from reading outside of their domain-files
> directory (something is changed in PHP's configuration here)
> ["open_basedir Restrictions in effect, file is in wrong directory"]

Yes, this is commonly known as "safe mode" php, and it was implemented
to solve this very problem.

Can you run scripts written in other languages, though? Perl, or even
shell scripts, *might* be able to access other areas...

Calling your scripts via CGI (where that allows them to be run suid)
allows you to set them so that they are only readable by you -- this
provides as high a level of protection as you can reasonably ask for.
There is a performance hit, but on a shared server that's probably not
an issue, especially as it is most likely tuned to support the extra
processes.

From your updated description it sounds like the ISP is taking a
responsible approach, and at least giving you the option of making sure
things are locked down. The only other question I would ask is whether
you can use SFTP or SCP in place of FTP -- if someone can eavesdrop your
password it doesn't matter how secure the filesystem is!
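
The owner-only permissions described in the message above, as an added example that is not part of the original post: a shell sketch that lists files in an account that other users on the host could open, then restricts CGI scripts and include files to their owner. It assumes CGI scripts run under the account's own uid (suexec-style); the function names and the `*.inc` pattern are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten file modes in a shared-hosting account.
# Assumption: CGI scripts execute as the account owner, so owner-only
# modes (0700 / 0600) still let them run and read their include files.

# List regular files under directory $1 that grant any access
# (read, write or execute) to group or other.
exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict every owner-executable file under $1 (the CGI scripts) to 0700.
lock_scripts() {
    find "$1" -type f -perm -100 -exec chmod 0700 {} +
}

# Restrict files under $1 whose name matches pattern $2 (for example
# include files holding database credentials) to 0600.
lock_includes() {
    find "$1" -type f -name "$2" -exec chmod 0600 {} +
}

# Static content served directly by the web server (HTML, images) must
# stay readable by the server's own user, so it is deliberately left alone.

# Stand-alone use: pass a directory to print the files that are exposed.
if [ "$#" -ge 1 ]; then
    exposed_files "$1"
fi
```

Run the audit again after locking down; anything still listed is either static content that has to stay readable or a file that needs a decision.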