[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PHP Security Tweaks



On Sat, May 24, 2008 at 10:18 PM, Jeffrey Tadlock <linux elfshadow net> wrote:
> 'open_basedir' is causing issues with the user's page (i.e. clicking
> the jeffreyt link at the top of the page), when it is enabled it just
> goes to a blank page.  The same happens with the Infrastructure page
> as well.  Everything else seemed to work well with it enabled.  I will
> play with that on a vanilla install at home and see what is up with
> that.

I think I have this working now.  I needed to add /usr/share/pear to
the open_basedir list.  The things I saw broken because of that last
night now appear to be working.  It is now enabled on publictest2.

If I am not around and it turns out it is causing issues somewhere
else, you can just comment it out in /etc/php.ini and bounce Apache
and you'll be good to go.

> If something has broken and I missed it, feel free to ping me (iWolf)
> on IRC.  If I am not around you can grab the original php.ini file
> from my home directory under the php-sec directory.  Just copy it to
> /etc/php.ini and bounce apache and you will be back to the way it was
> before I made the changes.  Please let me know if you need to do that
> though, so I can look at it further.

Same applies.  I have some garden work to do this afternoon, so if I
am not around, you can copy the original php.ini from my home
directory under the php-sec directory to /etc/php.ini and bounce
apache to be back to the original way it was before I made changes.
Just let me know if you end up needing to do that so I can look at it
further.

Thanks!
Jeffrey


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]