PHP safe_mode default value in PLESK 8.4 is ON. WHY?
https://stackoverflow.com/questions/802721
-
03-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am wondering why is the default value of the PHP safe_mode ON in PLESK. I suspect it is a security issue but how exactly is this useful?
p.s. As an inexperienced web-developer I spend some hours wondering why the .php files were downloaded instead of run on my server. The reason was that this php default safe_mode was ON and I found the solution by just making random reasonable looking changes to the settings of the plesk control panel. By asking this question I want to find consolation for the frustrating time I lost on this ridiculous problem. For me not to run .php files by default and not explicitly explaining why they don't work is just dumb.
Solution
The problem you have with your files being displayed instead of executed is independent of the setting for safe_mode.
safe_mode is crucial to ensure that your scripts can't perform potentially unsafe operations that might allow a hacker to break into your server.
It sounds like you've managed to randomly changed the setting that actually links .php files to mod_perl so that they run correctly, but if you don't know what you're doing you really should turn safe_mode back on.
Also, as a general rule of thumb when debugging problems: only change one thing at a time and then test between each change. This will help eliminate spurious assumptions about which change actually fixed the problem...
