FAQ
This is the FAQ file for phpcksec v0.2.0 by Stefan Ott
Get the latest version at http://tools.desire.ch/phpcksec/
===============================================================================

[Q] Are these real questions?
[A] No, I just made them up to provide some more information I couldn't
    figure out how to fit into the README.

[Q] I can access my server's whole directory tree. What can I do?
[A] - Use PHP safe mode:
      Set "safe_mode = On" in your php.ini
    - Limit file operations to your (virtual) host's document root:
      Set "open_basedir = /dev/null" in php.ini and, for each virtual host,
      use "php_admin_value open_basedir /your/document/root/"
    - Define the programs your PHP installation is allowed to execute with
      the exec() and system() functions:
      Set "safe_mode_exec_dir" to something like /usr/local/php-bin, a
      directory in which you put symlinks to the actual executables.

[Q] Can I use your tool on my ISP's server?
[A] They might not like it, as you could easily get other customers' data.
    So first ask the ISP for permission!

[Q] Where can I find more information on PHP safe mode?
[A] Check http://si.php.net:8888/manual/sl/features.safe-mode.php
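
The three settings from the directory-tree answer above (safe_mode, open_basedir, safe_mode_exec_dir, plus the per-virtual-host open_basedir) can be checked mechanically. The script below is an added example, not part of phpcksec: its function names are hypothetical, the sample php.ini in demo() is constructed, and it assumes a PHP version that still has safe mode (the feature was removed in PHP 5.4).

```sh
# Added example (not part of phpcksec): check a php.ini and an Apache config
# against the settings recommended in the FAQ answer. Names are hypothetical.

# Print the effective (last uncommented) value of KEY ($2) in php.ini FILE ($1).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*;.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# Print one line per deviation from the FAQ's advice; return 1 if any was found.
audit_php_ini() {
    rc=0
    case "$(ini_get "$1" safe_mode | tr 'A-Z' 'a-z')" in
        on|1|true|yes) ;;
        *) echo "safe_mode is not On"; rc=1 ;;
    esac
    case "$(ini_get "$1" open_basedir)" in
        ""|/) echo "open_basedir does not restrict file access"; rc=1 ;;
    esac
    if [ -z "$(ini_get "$1" safe_mode_exec_dir)" ]; then
        echo "safe_mode_exec_dir is not set"; rc=1
    fi
    return "$rc"
}

# Print "LINE: opening tag" for each <VirtualHost> block in Apache config FILE
# ($1) that has no "php_admin_value open_basedir"; return 1 if any was found.
vhosts_without_basedir() {
    awk '
        tolower($1) == "<virtualhost" { name = NR ": " $0; inside = 1; has = 0; next }
        inside && tolower($1) == "php_admin_value" &&
            tolower($2) == "open_basedir" && $3 != "" { has = 1 }
        tolower($1) ~ /^<\/virtualhost/ {
            if (inside && !has) { print name; bad = 1 }
            inside = 0
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on a constructed php.ini (sample content, not from a real server).
demo() {
    f=$(mktemp)
    printf '%s\n' 'safe_mode = Off' 'open_basedir = /dev/null' > "$f"
    audit_php_ini "$f" || true
    rm -f "$f"
}
demo
```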