The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Functions that are safe to disable in php.ini

Discussion in 'General Discussion' started by casey, Apr 22, 2004.

  1. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    I have the following disabled in php.ini:
    exec, passthru, system, popen, virtual, show_source, readfile, pclose

    I had shell_exec disabled, too, but fantastico had problems with that. Does anyone have a complete list of what is safe to disable, i.e. functions that exist but the customer should never ever be using? If not, why don't we start with this one and build on it?

    P.S. This is of course for non-php_suexec environments. I believe that the customer can freely change php.ini in a php_suexec environment...correct?
     
  2. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
  3. hostcp3

    hostcp3 Well-Known Member

    Joined:
    Jun 18, 2002
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    Hi Casey

    If you disable all those it may cause issues with Image_magick and other programs clients may need access to

    here is what we are running/testing and for one client at least image_magick would not work

    dl,exec,passthru,proc_open,proc_close,shell_exec,system,popen
     
Loading...

Share This Page