How safe is it to enable the PHP exec() function on a CPanel CentOS server which is not running PHPSuexec? It's needed by some scripts but I want to know if it can be hacked and if so if there is anything to secure it other than disabling it altogether,
Additionally, what PHP functions should be disabled for security but without spoiling our "customer experience"? i.e. system, exec
Any advice/knowledge appreciated.
OSHS Ltd OSHS Services - DNS Clusters | R1Soft Licenses | Remote Backup Storage | R1Soft CDP Storage | Cheap Dedicated Servers EconDC.com - Enterprise UK Server Colo & Rack Space at Lowest Prices
probably not a good idea without phpsuexec as the exec() would be run as the user apache runs as. This is what we disable and phpsuexec is enabled.
Some are even more restrictive.
Disabling functionality in php means turning customers away. At the end of the day, if you don't have to do it, don't.
You can run a quite stable and secure server with exec() in there. You just have to know about what you're doing, and keep an eye on the server (which you should be doing anyways).
WHMCS Guru - WHMCS addons, management, support and more. WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
Linux Problems? WHMCS Issues? +1-866-546-8914 (linux-14) or @whmcsguru on twitter!