At 4:54 PM +0000 2/28/01, Philip Reynolds wrote:
>Batonik's [[EMAIL PROTECTED]] 15 lines of wisdom included:
>:>Hi,
>:>
>:>     I've heard that it is possible, for security reasons, to disable
>:>such functions like phpinfo(). How can I do this?
>
>You can edit the sources...
>PHP4:  $PHP_BASE_DIR/ext/standard/basic_functions.c
>
>You're looking for a struct called
>function_entry basic_functions[]
>
>On my version (4.0.4-pl1) it's on line 91.
>Your functions are listed there..
>
>for example, delete line "PHP_FE(time,                  NULL)"
>which is on line 100 on my version disables the time function.
>However, why you want to disable functions is beyond me, to make PHP
>"safe" you're going to have to disable a LOT of functions..
>
>There might be some PHP4 way to disable functions, I think there
>might be some way to do it from php.ini, but I can't find it
>offhand.
>Phil.
>

It's not documented yet at

        http://www.php.net/manual/en/configuration.php

, but you can use the following in your php.ini file:

disable_functions =     ; This directive allows you to disable certain
                        ; functions for security reasons.  It receives
                        ; a comma separated list of function names.
                        ; This directive is *NOT* affected by whether
                        ; Safe Mode is turned on or off.

I presume you could use the

        php_value disable_functions phpinfo

syntax in your httpd.conf or .htaccess (you might need to use 
php_admin_value instead of php_value). This is available in php 
4.0.4; I don't know about availability in earlier versions. I don't 
use this, though, so I'm just copying from the provided .ini file.

        -steve

-- 
+--- "They've got a cherry pie there, that'll kill ya" ------------------+
| Steve Edberg                           University of California, Davis |
| [EMAIL PROTECTED]                               Computer Consultant |
| http://aesric.ucdavis.edu/                  http://pgfsun.ucdavis.edu/ |
+-------------------------------------- FBI Special Agent Dale Cooper ---+

-- 
PHP General Mailing List (http://www.php.net/)
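
An added example, not part of the original message: a PHP script that checks whether the `disable_functions` setting discussed above actually took effect in the running interpreter. The `$required` list and the helper names are assumptions made for illustration; only `phpinfo` comes from the thread.

```php
<?php
// Illustrative policy: functions that must be disabled on this server.
// Only phpinfo comes from the thread; the others are assumed examples.
$required = ['phpinfo', 'exec', 'system'];

/** Split the comma-separated directive value into lower-case names. */
function parse_disabled(string $raw): array
{
    $names = array_map('trim', explode(',', strtolower($raw)));
    return array_values(array_filter($names, 'strlen'));
}

/** Return the required functions that are not effectively disabled. */
function still_enabled(array $required, array $disabled): array
{
    $missing = [];
    foreach ($required as $fn) {
        // A function counts as disabled only if it is listed in the
        // directive and function_exists() no longer reports it.
        if (!in_array(strtolower($fn), $disabled, true) || function_exists($fn)) {
            $missing[] = $fn;
        }
    }
    return $missing;
}

// ini_get() returns the effective value for this request, or false.
$disabled = parse_disabled((string) ini_get('disable_functions'));
$missing  = still_enabled($required, $disabled);

echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', PHP_EOL;
echo 'disable_functions: ', $disabled ? implode(', ', $disabled) : '(empty)', PHP_EOL;

if ($missing) {
    echo 'NOT disabled: ', implode(', ', $missing), PHP_EOL;
    exit(1);
}
echo 'All required functions are disabled.', PHP_EOL;
```

Run it through the same SAPI that serves the site, since the command-line binary may load a different php.ini. The current PHP manual states that `disable_functions` must be set in php.ini, so a value supplied through httpd.conf or .htaccess can show up here as still enabled.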