Where is the security in PHP 5.4 after the removal of safe_mode?

I have a sticky question in my mind: safe_mode was deleted in PHP 5.4, so what is security with this removal?

Does this mean that any application can execute any program?

What method is used for this purpose to prevent such violent acts?

+6
2 answers

This article will explain to you why safe_mode never made a single point and only gives you a false sense of security.

+11

safe_mode was trying to solve a security problem with the wrong tool. Because shared web hosts often host thousands of websites on a single server, safe_mode was a convenient (and completely inappropriate) method to limit the damage that could be done with PHP.

It was an illusion more than anything else. Although PHP may have been protected by safe_mode, what about other languages like Python and Ruby? The correct method is to use the default permissions and Linux modules, such as suPHP, which run PHP as limited users.

+3
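
As an added example (not part of the answers above, and not code from PHP or suPHP): a small Python audit of one site's document root for the file-permission conditions that per-user PHP execution relies on. The function names, the sample files and the choice to flag only `.php` files as world-readable are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def audit_docroot(docroot, site_uid):
    """Return (relative_path, problem) pairs that weaken per-user isolation."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow links out of the docroot
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(full, docroot)
            if st.st_uid != site_uid:
                findings.append((rel, "not owned by site user"))
            if st.st_mode & stat.S_IWOTH:
                # Any other account on the shared host could modify this entry.
                findings.append((rel, "world-writable"))
            if (stat.S_ISREG(st.st_mode) and name.endswith(".php")
                    and st.st_mode & stat.S_IROTH):
                # Assumption: scripts run as their owner, so other users
                # need no read access to PHP source (it may hold credentials).
                findings.append((rel, "world-readable"))
    return findings

def build_sample_docroot():
    """Constructed sample: one tightly restricted file, one loose one."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel, mode in (("config.php", 0o600), ("upload.php", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)  # chmod sets the mode exactly, ignoring umask
    return root

if __name__ == "__main__":
    sample = build_sample_docroot()
    for rel, problem in audit_docroot(sample, os.getuid()):
        print(f"{rel}: {problem}")
```

Because the checks read kernel-enforced ownership and mode bits, the result applies equally to Python, Ruby or any other interpreter running on the same host.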

Source: https://habr.com/ru/post/911052/