mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-16 00:48:54 +00:00
s/Safe Mode/safe mode/ as Jim corrected these in other places.
Adding ini link to open_basedir git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@65965 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Gabor Hojtsy
parent
09a7562e5a
commit
1fb26926d9
1 changed files with 21 additions and 18 deletions
|
|
@ -1,16 +1,17 @@
|
|||
<?xml version="1.0" encoding="iso-8859-1"?>
|
||||
<!-- $Revision: 1.17 $ -->
|
||||
<!-- $Revision: 1.18 $ -->
|
||||
<chapter id="features.safe-mode">
|
||||
<title>Safe Mode</title>
|
||||
|
||||
<para>
|
||||
Safe Mode is an attempt to solve the shared-server security problem. It is
|
||||
architecturally incorrect to try to solve this problem at the PHP level,
|
||||
but since the alternatives at the web server and OS levels aren't very
|
||||
realistic, many people, especially ISP's, use Safe Mode for now.
|
||||
The PHP safe mode is an attempt to solve the shared-server security
|
||||
problem. It is architecturally incorrect to try to solve this
|
||||
problem at the PHP level, but since the alternatives at the web
|
||||
server and OS levels aren't very realistic, many people,
|
||||
especially ISP's, use safe mode for now.
|
||||
</para>
|
||||
<para>
|
||||
The configuration directives that control Safe Mode are:
|
||||
The configuration directives that control safe mode are:
|
||||
<programlisting role="ini">
|
||||
<![CDATA[
|
||||
safe_mode = Off
|
||||
|
|
@ -40,7 +41,7 @@ disable_functions =
|
|||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
results in this error when Safe Mode is enabled:
|
||||
results in this error when safe mode is enabled:
|
||||
<screen>
|
||||
<![CDATA[
|
||||
Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
|
||||
|
|
@ -50,8 +51,9 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
|
|||
</para>
|
||||
<para>
|
||||
If instead of <link linkend="ini.safe-mode">safe_mode</link>, you set an
|
||||
open_basedir directory then all file operations will be limited to files
|
||||
under the specified directory. For example (Apache httpd.conf example):
|
||||
<link linkend="ini.open-basedir">open_basedir</link> directory then all
|
||||
file operations will be limited to files under the specified directory
|
||||
For example (Apache httpd.conf example):
|
||||
<programlisting role="ini">
|
||||
<![CDATA[
|
||||
<Directory /docroot>
|
||||
|
|
@ -59,8 +61,9 @@ allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2
|
|||
</Directory>
|
||||
]]>
|
||||
</programlisting>
|
||||
If you run the same script.php with this open_basedir setting then this is
|
||||
the result:
|
||||
If you run the same script.php with this
|
||||
<link linkend="ini.open-basedir">open_basedir</link> setting
|
||||
then this is the result:
|
||||
<screen>
|
||||
<![CDATA[
|
||||
Warning: open_basedir restriction in effect. File is in wrong directory in
|
||||
|
|
@ -86,15 +89,15 @@ Warning: readfile() has been disabled for security reasons in
|
|||
</para>
|
||||
|
||||
<sect1 id="features.safe-mode.functions">
|
||||
<title>Functions restricted/disabled by Safe Mode</title>
|
||||
<title>Functions restricted/disabled by safe mode</title>
|
||||
<para>
|
||||
This is a still probably incomplete and possibly incorrect listing
|
||||
of the functions limited by
|
||||
<link linkend="features.safe-mode">Safe Mode</link>.
|
||||
<link linkend="features.safe-mode">safe mode</link>.
|
||||
<!-- TODO: add ¬e.sm.*; to the functions mentioned here.
|
||||
That entity should link to this section -->
|
||||
<table>
|
||||
<title>Safe Mode limited functions</title>
|
||||
<title>Safe mode limited functions</title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
|
|
@ -125,17 +128,17 @@ Warning: readfile() has been disabled for security reasons in
|
|||
</row>
|
||||
<row>
|
||||
<entry><function>ifx_*</function></entry>
|
||||
<entry>sql_safe_mode restrictions, (!= Safe Mode)</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>ingres_*</function></entry>
|
||||
<entry>sql_safe_mode restrictions, (!= Safe Mode)</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
<entry><function>mysql_*</function></entry>
|
||||
<entry>sql_safe_mode restrictions, (!= Safe Mode)</entry>
|
||||
<entry>sql_safe_mode restrictions, (!= safe mode)</entry>
|
||||
<!-- TODO: more info on sql-safe-mode -->
|
||||
</row>
|
||||
<row>
|
||||
|
|
@ -259,7 +262,7 @@ Warning: readfile() has been disabled for security reasons in
|
|||
</row>
|
||||
<row>
|
||||
<entry><function>getallheaders</function></entry>
|
||||
<entry>In Safe Mode, headers beginning with 'authorization'
|
||||
<entry>In safe mode, headers beginning with 'authorization'
|
||||
(case-insensitive)
|
||||
will not be returned. Warning: this is broken with the aol-server
|
||||
implementation of <function>getallheaders</function>!</entry>
|
||||
|
|
|
|||
Loading…
Reference in a new issue