Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Custom php.ini question

Discussion in 'Security' started by filip212, Sep 4, 2017.

Tags:
  1. filip212

    filip212 Member

    Joined:
    Aug 22, 2017
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Slovakia
    cPanel Access Level:
    Root Administrator
    Hello,
    If i have some settings in whm administration in multi php ini editor and i allow multi php ini editor in cpanel accounts are users possible to enable functions which i disabled in administration of WHM? Or rewrite memory limit or any other functions or data i have setuped in WHM administration multi php ini editor?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,127
    Likes Received:
    1,366
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. filip212

    filip212 Member

    Joined:
    Aug 22, 2017
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Slovakia
    cPanel Access Level:
    Root Administrator
    I think no. I cant find here which global settings it can and which cant override...
     
  4. hendranata

    hendranata Member

    Joined:
    Aug 24, 2017
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    sby
    cPanel Access Level:
    Root Administrator
    completely override php.ini is not a good way right? better u can change local value using htaccess or user.ini
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,447
    Likes Received:
    35
    Trophy Points:
    178
    cPanel Access Level:
    Root Administrator
    It really just depends on your value of security vs. ease of use for your customers.

    The downside to allowing users to include their own php.ini or set directives in their own .user.ini file, is the potential to override security measures - whether this be knowingly or unknowingly by the customer. On the plus side, if users are able to use their own php.ini or .user.ini file, they can easily set directives without having to bother their web host.

    If you don't allow users to use their own php.ini file or set directives in their own .user.ini files, you can keep security intact by insuring that quality values are enabled for your users. The downside, your customers pretty much have to contact you if they need a value changed.

    Personally for me, I value security, so I side with the second option. Otherwise, you run the risk of someone setting their memory_limit to 10GB because some blog some where told the user to do that. And then finding out that one account, that isn't paying you very much, has 500 plugins enabled on their site and is using up all of the server's memory.

    It's important to note that security and ease of use is always going to be a give and take. The easier you make it for end-users to perform an action or task, the more likely that is to be abused and thus become a hit to security. But if you make certain things too difficult to do in the name of security, you risk alienating your customers. Just where you fit on that scale is up to you, but you're never going to be able to keep everyone happy.
     
    cPanelMichael and Infopro like this.
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,127
    Likes Received:
    1,366
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page