where is the security in PHP 5.4 by removing safe_mode
https://stackoverflow.com/questions/9763531
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
I've got a sticky question in my mind: safe_mode has removed in PHP 5.4, so what is the security in this removal?
Does it mean that any application can execute any program?
What technique is used for this purpose to prevent such violent actions?
Solução
This article Will explain you why safe_mode has never made a single bit of sense and only provides you a false sense of security.
Outras dicas
safe_mode was trying to solve a security problem with the wrong tool. Since shared webhosts often host thousands of websites on one server, safe_mode was a convienent (and entirely inappropriate) method to restrict the damage one could do with PHP.
It was an illusion more than anything else. Though PHP may have been protected with safe_mode, what about other languages like Python and Ruby? The proper method is to use default linux file permissions and modules like suPHP which run PHP as restricted users.
