2008/1/4, Rick Moen <[EMAIL PROTECTED]>: > Quoting Luis Mondesi ([EMAIL PROTECTED]): > > > It's time to tell PHP (via php.ini) not to allow any of those > > functions that allow executing stuff from the system (system, > > passthru, whatever). > > Amen to that. Good starting point: > disable_functions = system, exec, passthru, popen, escapeshellcmd, shell_exec
Even better: /usr/share/doc/php5-common/examples/php.ini-paranoid (it includes some more functions in that definition) IIRC it includes those and some more. You might want to diff your php.ini copy to that one to see the different things you could do to improve your PHP installation. Regards Javier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
