The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is SuPHP really secure?

Discussion in 'General Discussion' started by trhosting.net, Oct 12, 2008.

  1. trhosting.net

    trhosting.net Well-Known Member

    Joined:
    Mar 7, 2006
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Turkey
    It is always said that SuPHP is secure. But i don't know why.

    SuPHP is using php as cgi. So then it is possible for everyone to overwrite every value in php.ini.

    For example i set open_basedir for users and i don't want them to load any php extensions for security. But with SuPHP (php as cgi) anyone can put a local php.ini on his web page directory and bypass my security settings. Can load custom extensions and may abuse my server.

    So where is the SuPHP security?
     
  2. constantine

    constantine Active Member

    Joined:
    Apr 15, 2008
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    any update ?
     
Loading...

Share This Page