lowhigh

Jun 25, 2011
Hi all!

I have installed CP 11.30 build 32. Everything has worked well until now. I'm testing the server's security and I found some problems with PHP.

I chose to install PHP 5 as suPHP, and I set some important PHP configuration in the master config (/usr/local/lib/php.ini), such as safe_mode=On, open_basedir, disabling some functions, and many other parameters.
But when one of my customers required safe_mode=Off while others still required On, I advised them to put a php.ini file in public_html with a simple config: safe_mode=Off
OK, my customer feels satisfied, but I don't. I see that PHP loads the new local php.ini, and problems arise:
Most of the parameters seem to be overridden; PHP gives up some of my security configs: open_basedir=no value, disable_functions=no value, and many parameters=no value.
I uploaded simple shells, r57 and c99. Not surprisingly, I can walk around on this server and see all my customers; though I cannot access these folders, I can go into some system folders such as /var, /usr.....
Besides, I executed some commands to find SUID files, config files..... they were all successful!

So, I want to know: is suPHP secure? How can I configure it to ensure both the system's security and that my customers can change their config? With suPHP, does that situation have any bad effects on my server?

Thanks all!
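
Added example (not part of the original post, and not cPanel or suPHP code): a small audit that compares each per-account php.ini against the master file and reports which of the security directives named in the post are absent or switched off locally. The sample file contents, the function names and the simplified INI parsing are assumptions made for illustration.

```python
import os

# Directives the post reports as weakened or reset by the local php.ini.
SECURITY_DIRECTIVES = ("open_basedir", "disable_functions", "safe_mode")

# Constructed sample files (values are illustrative, not from the post).
MASTER_SAMPLE = """[PHP]
safe_mode = On            ; enforced server-wide
open_basedir = "/home:/tmp"
disable_functions = exec,system,passthru,shell_exec
"""
LOCAL_SAMPLE = "safe_mode = Off\n"

def parse_ini(text):
    """Parse php.ini text into {directive: value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def is_enforced(value):
    """True when a directive carries a value that actually restricts anything."""
    return value is not None and value.lower() not in ("", "off", "0", "no", "false", "none")

def dropped_directives(master_text, local_text):
    """Directives enforced in the master php.ini but absent or disabled in a local one."""
    master, local = parse_ini(master_text), parse_ini(local_text)
    return [name for name in SECURITY_DIRECTIVES
            if is_enforced(master.get(name)) and not is_enforced(local.get(name))]

def audit_tree(master_path, root):
    """Return [(path, dropped)] for each php.ini under root that loses a master directive."""
    with open(master_path, errors="replace") as fh:
        master_text = fh.read()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "php.ini" in files:
            path = os.path.join(dirpath, "php.ini")
            with open(path, errors="replace") as fh:
                dropped = dropped_directives(master_text, fh.read())
            if dropped:
                findings.append((path, dropped))
    return findings

if __name__ == "__main__":
    print(dropped_directives(MASTER_SAMPLE, LOCAL_SAMPLE))
```

On the server described in the post the call would be `audit_tree("/usr/local/lib/php.ini", "/home")`, assuming customer accounts live under `/home`.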