I've got a sticky question in my mind: safe_mode
has removed in PHP 5.4, so what is the security in this removal?
Does it mean that any application can execute any program?
What technique is used for this purpose to prevent such violent actions?
I've got a sticky question in my mind: safe_mode
has removed in PHP 5.4, so what is the security in this removal?
Does it mean that any application can execute any program?
What technique is used for this purpose to prevent such violent actions?
safe_mode
was trying to solve a security problem with the wrong tool. Since shared webhosts often host thousands of websites on one server,safe_mode
was a convienent (and entirely inappropriate) method to restrict the damage one could do with PHP.It was an illusion more than anything else. Though PHP may have been protected with
safe_mode
, what about other languages like Python and Ruby? The proper method is to use default linux file permissions and modules like suPHP which run PHP as restricted users.This article Will explain you why safe_mode has never made a single bit of sense and only provides you a false sense of security.