Well-Known Member
Mar 7, 2006
It is always said that SuPHP is secure. But i don't know why.

SuPHP is using php as cgi. So then it is possible for everyone to overwrite every value in php.ini.

For example i set open_basedir for users and i don't want them to load any php extensions for security. But with SuPHP (php as cgi) anyone can put a local php.ini on his web page directory and bypass my security settings. Can load custom extensions and may abuse my server.

So where is the SuPHP security?