safe_mode in php

mayankj22

in which conditon we should use safe_mode =ON
what should be changes made if i want to run php in safe_mode..

i really dont have any idea abt safe_mode..
plase give me some idea about php safe_mode..

Regards
mayank

Yegg

U can read about safe mode here: http://us2.php.net/features.safe-mode

In short, with help of safe mode - you can restrict for users to use some functions/variables

mayankj22

in which conditon we should use safe_mode =ON
what should be changes made if i want to run php in safe_mode..

i really dont have any idea abt safe_mode..
plase give me some idea about php safe_mode..

Regards
mayank

bpat1434

No-one really has any clue as to what safe-mode really is. In all honesty, it's a false sense of security. In php6 it's going to be dropped, so don't start using it.

Basically it removes certain functions which could cause problems. The full documentation is here: Safe-Mode Manual

You really don't need to use safe-mode, it's more a useless feature that is falsely interpreted. If you can, dont' code for it, and try and stay away.

MarkR

Usually the aims of safe mode are:

To stop several web applications run on the same machine from interfereing with each other due to security problems
To prevent a badly constructed application from enabling an attacker to take control of the machine

Safe mode does theoretically do that well. There are a lot of potential loopholes though. PHP6 may remove safe_mode, but it will doubtless replace it with something that has a similar effect.

The user ID checking facility of safe_mode isn't really terribly helpful, which is a pity, because many of its other effects are desirable.

You can achieve similar results with open_basedir and disable_function, but not quite. I hope PHP6 addresses this adequately.

Mark