Joined: Sat Aug 20, 2005 9:30 am Posts: 2812 Location: The Netherlands
safe_mode is no guarantee against exploits. In fact, I believe safe_mode will be removed in PHP 6 as it gives a false sense of security. That doesn't mean it is completely useless though, it will stop some bad thing from happening. On the other hand, it also perfectly possible to have exploitable code run under safe_mode.
I'm pretty sure you cannot audit all code that will run on your server and in fact you will never be sure code cannot be exploited. I think using security tools like ASL provides and having a usable safe_mode policy is in most cases all you can practically do.
Users browsing this forum: Bing [Bot] and 2 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum