Greetings, I think I have a misunderstanding of what's going on, I'm just not sure where... First I'll describe what I'm trying to do, then how I tried to do it, and finally where I ultimately want to get to.
So on my Win2K apache 2.0.36 system with PHP 4.2.0 as module on which only I set up pages, my php pages are running fine. Some of these pages need to run external dos programs, no problems. PHP settings are coming only from php.ini, and life is good. Now, I would like to create a new page in a separate directory, but I want to be very careful about this page and not allow any access or interaction with the rest of my system (since the user will have a large influence on the code that the PHP module will be running. Specifically, the page (call it php.php) will have an include file that is generated dynamically). So normally I should enforce the security by setting the following in php.ini: safe_mode On open_basedir . disable_functions list,of,functions But since I don't want to change the way my extant pages behave, I'd rather do this in httpd.conf (which php.net/configuration claims is possible) on a per directory (or even better, on a per instance basis). So I thinks to myself, given that this directory is called php, I'll just plop in a <Directory "c:/Winapps/WebBase/php"> php_value open_basedir . </Directory> to see if that's recognized. At first I tried with php_admin_value, but then Apache would fail to restart. With the above experiment, Apache restarts, but open_basedir shows no indication of having been set (e.g. phpinfo() and ini_get(...)). Same thing when I repeat the experiment putting the php_value line in a virtual directory container. My conclusion is that I have a bad understanding of something that's going on, but I'm not sure where. Ultimately, where I wanted to go with this was to check (in Apache's httpd.conf file) whether the remote (referer) IP address is the same as mine, and only set safe_mode et. al. if the IPs don't match up AND the request is for that one specific php.php file in the php directory. Am I truly whacked on this, or what? Thanks, Csaba Gabor from NY -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
