Posted on: 05/02/04 11:39am
By: Nordinho
Hello,
I received an email from my hostingcompany, that they are going to upgrade their php-security in a couple of days...and some phpfunctions are going to change...
The things that they're going to change are:
disable_functions = ()
becomes:
disable_functions = dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg
expose_php = On
becomes:
expose_php = Off
register_globals = On
becomes:
register_globals = Off
register_argc_argv = On
becomes:
register_argc_argv = Off
enable_dl = On
becomes
enable_dl = Off
session.save_path = "/tmp"
becomes:
session.save_path = "/var/phpsessions"
upload_tmp_dir = "/tmp "
becomes
upload_tmp_dir = "/tmp/phpupload"
Does anyone have an idea how these changes will affect my geeklog site, and if my site still will function or that I need to find a new hostingcompany asap???
Greets Nordinho
www.nordinho.com
Help/Hostingcompany will upgrade php-security
Posted on: 05/02/04 12:03pm
By: Blaine
Well right off -- register_globals - that needs to be on for geeklog to work.
Are they not willing to enable the setting on a site by site basis?
Posted on: 05/02/04 01:19pm
By: Limynali
If you can't get them to allow you to have register_globals = on then you can use this little hack to keep your site working.
Basically all you have to do is paste the following lines at the top of your lib-custom.php file (in the system folder).
extract($_POST);
extract($_GET);
Don't ask me how secure this is, probably as secure as having register_globals on in the first place.
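An added example (not part of the original thread, and not Geeklog code) of why the workaround above carries the same risk as register_globals = On: extract() defaults to EXTR_OVERWRITE, so a request key can replace a variable the application has already set. The function names, the $is_admin variable and the sample request are hypothetical and constructed for illustration; the second function imports only allowlisted names and never overwrites.

```php
<?php
// Constructed request data standing in for $_GET / $_POST (not from the thread).
$request = [
    'mode'     => 'edit',      // parameter the page expects
    'sid'      => '20040502',  // parameter the page expects
    'is_admin' => '1',         // not an expected parameter: collides with app state
];

// Weak form: the same call as the workaround, run inside a function so the
// effect on an already-defined variable is visible in the return value.
function import_like_register_globals(array $request): array
{
    $is_admin = false;         // hypothetical state set earlier by the application
    extract($request);         // default flag EXTR_OVERWRITE replaces $is_admin
    return compact('is_admin', 'mode', 'sid');
}

// Hardened form: keep only allowlisted keys with string values, and tell
// extract() to skip any name that already exists in scope.
function import_allowlisted(array $request, array $allowed): array
{
    $is_admin = false;         // same hypothetical application state
    $wanted = array_intersect_key($request, array_flip($allowed));
    $wanted = array_filter($wanted, 'is_string'); // drop arrays such as ?mode[]=x
    extract($wanted, EXTR_SKIP);
    return [
        'is_admin' => $is_admin,
        'mode'     => $mode ?? null,
        'sid'      => $sid ?? null,
    ];
}

// Print both results so the difference in is_admin can be compared.
var_dump(import_like_register_globals($request));
var_dump(import_allowlisted($request, ['mode', 'sid']));
```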
Posted on: 05/02/04 06:26pm
By: Nordinho
Oke thanx for your comments...I'll give the hostingcompany another call tomorrow...otherwise I will use the workaround...
Do you know if the other changes will affect my site??
Greets Nordinho
Posted on: 05/10/04 07:04pm
By: Nordinho
Hmmm...they're doing another security test night. The site is still working. However, making a backup fails:
Warning: exec() has been disabled for security reasons in /home/httpd/vhosts/nordinho.com/httpdocs/admin/database.php on line 83
And The Who's online block only displays 1 guest. While according to my stats at least 80/100 people should be online.
Anyone any ideas how to solve this??
Greets Nordinho,
Posted on: 05/11/04 09:50am
By: Turias
Again, talk to your hosting company about how to get around this. For example, my hosting company requires I add the following line to my .htaccess file:
AddType php-cgi php
You might need something similar or completely different. Best e-mail your provider.
Posted on: 05/11/04 01:16pm
By: Nordinho
Oke Turias...thanks for your reply...I'll contact the hostingcompany again... and hopefully I can work it out...
Greets Nordinho,