Results 1 to 4 of 4
-
01-22-2010, 07:24 PM #1Web Hosting Evangelist
- Join Date
- Nov 2005
- Posts
- 539
ini_set disabling create risk for server
I like to know according to some experts and firewalls like CSF, ini_set need to be disabled
if enabled then really create risk for the server... because still many new scripts using that and can be break like popular openx?
-
01-23-2010, 09:41 AM #2WHT Addict
- Join Date
- Aug 2009
- Posts
- 171
Yea, with ini_set disabled you can avoid users overwriting the main php.ini file and like bypassing the other things like limits (if I'm not wrong). A good practice will be to disable ini_set on default and enable it for specific users that require it.
-
01-23-2010, 01:20 PM #3Web Hosting Evangelist
- Join Date
- Nov 2005
- Posts
- 539
but if some scripts are using then how what can be done?
-
01-23-2010, 02:02 PM #4Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
You can remove ini_set from the scripts and set the appropriate parameters in php.ini yourself rather than letting the scripts to override them with ini_set.
█ VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
█ 99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
█ Follow us: twitter.com/VPSnoc
Similar Threads
-
Joomla - ini_set enabled is security risk
By anastasia0181 in forum Hosting Security and TechnologyReplies: 2Last Post: 11-20-2009, 11:22 AM -
Linux help - create batch script for disabling user account
By horizon in forum Programming DiscussionReplies: 1Last Post: 03-02-2009, 07:30 AM -
should i enable ini_set() ?
By joelin in forum Hosting Security and TechnologyReplies: 4Last Post: 09-30-2008, 03:58 AM -
high risk & low risk merchant account specialist needed
By gcorpz in forum Employment / Job OffersReplies: 1Last Post: 05-18-2006, 10:15 AM -
ini_set(); to override session.gc_maxlifetime in php.ini
By compjab in forum Programming DiscussionReplies: 12Last Post: 02-24-2006, 12:23 PM