Thanks a bunch for that link. Not sure how "easily" though. Looks like the concept is simple, but there is a lot to review here when it comes to the individual experience of the various host-masters.
I am just wondering, actually, how important safe-mode is? For example, chirpy has this great security system called CSF. It is basically a firewall, but there is a little tester page that performs various security checks. It does not check for php safe-mode.
Likewise, we have hired webtechs in the recent past to shore up security, and they have never mentioned safe-mode on php.
I do have the php open_basedir enabled. And I do have suexec installed, but not phpsuexec because the last time I tried this (last week) it broke nearly every php script package installation on the server.
So, I guess I am wondering if safe-mode is redundant to php open_basedir? And of course, as previously stated, if it is going to break things the way phpsuexec does?
Safe mode is an easy way to lock down the security and functions you can use. PHP.net says that "safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now."
PHP by nature is unfortunately very insecure by default, but you can secure your PHP in a shared hosting environment using security modules like mod_security, or else you disable the insecure functions in PHP.
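
An added example, not part of any post in this thread: a small php.ini audit that checks the controls discussed above (`open_basedir`, `disable_functions`, `safe_mode`) side by side. The sample configuration is constructed, and the list of functions treated as risky is an assumption, not a list given by any poster.

```python
# Constructed sample php.ini fragment (not taken from the thread).
SAMPLE_INI = """
[PHP]
safe_mode = Off            ; removed from PHP in 5.4.0
open_basedir = /home/example/public_html:/tmp
disable_functions = exec,system,passthru
"""

# Assumption: command-execution functions a shared host would disable.
RISKY_FUNCTIONS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}


def parse_php_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (quoted ';' not handled)
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def audit(text):
    """List the gaps found in a php.ini for a shared-hosting server."""
    settings = parse_php_ini(text)
    findings = []
    if not settings.get("open_basedir"):
        findings.append("open_basedir unset: file functions are limited only by OS permissions")
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",")}
    missing = sorted(RISKY_FUNCTIONS - disabled)
    if missing:
        # open_basedir restricts PHP file functions, not commands started by these calls.
        findings.append("still callable: " + ", ".join(missing))
    if settings.get("safe_mode", "off").lower() in {"1", "on", "true", "yes"}:
        findings.append("safe_mode on: removed in PHP 5.4.0, so it cannot be the only control")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```

On the constructed sample, `open_basedir` is set and the audit still reports three command-execution functions as callable, which is the gap that path restriction alone does not cover.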