shaun

Well-Known Member
PartnerNOC
Verifed Vendor
Nov 9, 2001
708
1
318
San Clemente, Ca
cPanel Access Level
DataCenter Provider
Twitter
Client wants me to add these lines to the httpd.conf file. Is this safe. From what he\'s telling me, this will allow him to compile his own php bin with stuff we dont already have compiled into ours. To me this sounds too much like it could be a security problem...

> > AddHandler php-script php php3 phtml
> > Action php-script /cgi-bin/php


What do you guys think?
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
Too risky.
..... if you give him permission/execution over that binary he\'ll be able to use alpha or beta modules that php.net churns out on the day they do it, creating potential security hazards for anyone on the machine that decides to summon these new modules.

I\'m not even sure how/if you\'ll be able to syphon off his particular \"segment\" of the php environment so that others on the machine can\'t utilize his additions.

A bit of a gray area I\'d say.....

I wouldn\'t do it.

:eek: