php.ini function disable directive 
Author Message
 php.ini function disable directive

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Morning all.

WHile I know this is a PHP "language" group, it appears that lots
within are clued up in all aspects of the PHP environment. I know this
may be suited better to a server config group, but I'll try here first.

PHP has a disable_function directive in php.ini which works great but
does anyone happen to know if you can disable globally in php.ini and
enable certain function again per vhost rather than the other way
around?

I have certain functions disabled and many vhosts and would be a lot
easier to work it this way rather than disable per vhost.

Feel free to flame for this post being in the wrong group (if
appliable) =)

Regards,

  Ian

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPgRFaWfqtj251CDhEQLLFwCfd97rc2ehFyRN3/FX4HHmE73Sxb8AoPnq
Aqi5iq+lKV9qXuAwI7iwdoB5
=kjMT
-----END PGP SIGNATURE-----

--
Ian.H  [Design & Development]
digiServ Network - Web solutions
www.digiserv.net  |  irc.digiserv.net  |  forum.digiserv.net
Scripting, Web design, development & hosting.



Wed, 08 Jun 2005 18:39:50 GMT  
 php.ini function disable directive

Quote:

> PHP has a disable_function directive in php.ini which works great but
> does anyone happen to know if you can disable globally in php.ini and
> enable certain function again per vhost rather than the other way
> around?

> I have certain functions disabled and many vhosts and would be a lot
> easier to work it this way rather than disable per vhost.

How could / do you you disable per vhost? http://php.net/function.ini-set
claims it can only be set in php.ini, so I'd say you could not disable it
elsewhere?

I guess if you could disable it you would also know how to /enable/ it, so I
guess I misunderstand the last quoted sentence above...

Palahala



Wed, 08 Jun 2005 19:07:05 GMT  
 php.ini function disable directive
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In a fit of e{*filter*}ment on Sat, 21 Dec 2002 12:07:05 +0100, Palahala

Quote:

> > PHP has a disable_function directive in php.ini which works great
> > but does anyone happen to know if you can disable globally in
> > php.ini and enable certain function again per vhost rather than the
> > other way around?

> > I have certain functions disabled and many vhosts and would be a
> > lot easier to work it this way rather than disable per vhost.

> How could / do you you disable per vhost?
> http://www.*-*-*.com/ ;claims it can only be set in
> php.ini, so I'd say you could not disable it  elsewhere?

> I guess if you could disable it you would also know how to /enable/
> it, so I  guess I misunderstand the last quoted sentence above...

> Palahala

You can enable some features (such as open_basedir and safe_mode etc)
from httpd.conf for each vhost. I was wondering if the same or a
similar method could be used for functions too.. for example:

disable mail() in php.ini (for global disable)

enable mail() function for say.. vhost1 and vhost4 as they'd be more
"trusted".

My server setup is for shared hosting (although my server) which is why
I wondered so that I could disable globally but enable for certain
functions for my sites/vhosts to combat security implications yet still
allow me 100% flexability of the PHP env.

Regards,

  Ian

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPgRMoGfqtj251CDhEQJytgCg/qBqufPTh/OFnIrAqP3/pJd1vm0An3j+
OBPg2T5H1EDoH+a1FRtIKX/S
=7GYX
-----END PGP SIGNATURE-----

--
Ian.H  [Design & Development]
digiServ Network - Web solutions
www.digiserv.net  |  irc.digiserv.net  |  forum.digiserv.net
Scripting, Web design, development & hosting.



Wed, 08 Jun 2005 19:10:37 GMT  
 php.ini function disable directive

Quote:

> disable mail() in php.ini (for global disable)

> enable mail() function for say.. vhost1 and vhost4 as they'd be more
> "trusted".

I really doubt it can be done. The PHP_SYSTEM, PHP_ALL and other texts in
the configuration documentation are being generated so I also doubt that
simply trying would give you any luck...

If you really need it maybe you can setup a second instance of Apache on
your server, like listening on port 8080. Next, using Apache's URL
rewriting on port 80, redirect requests for vhost1 and vhost2 to the second
instance, with more enabled options. That would, however, require you to
define a very limited set of trusted and non-trusted -- it would be
difficult to set up a web server for each combination of functions you want
to enable...

As for mail: what about setting the actual sendmail configuration to some
fake value for the non-trusted vhosts?

Palahala



Wed, 08 Jun 2005 19:26:44 GMT  
 php.ini function disable directive
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In a fit of e{*filter*}ment on Sat, 21 Dec 2002 12:26:44 +0100, Palahala

Quote:

> > disable mail() in php.ini (for global disable)

> > enable mail() function for say.. vhost1 and vhost4 as they'd be
> > more "trusted".

> I really doubt it can be done. The PHP_SYSTEM, PHP_ALL and other
> texts in  the configuration documentation are being generated so I
> also doubt that  simply trying would give you any luck...

> If you really need it maybe you can setup a second instance of Apache
> on  your server, like listening on port 8080. Next, using Apache's
> URL
> rewriting on port 80, redirect requests for vhost1 and vhost2 to the
> second  instance, with more enabled options. That would, however,
> require you to  define a very limited set of trusted and non-trusted
> -- it would be  difficult to set up a web server for each combination
> of functions you want  to enable...

> As for mail: what about setting the actual sendmail configuration to
> some  fake value for the non-trusted vhosts?

> Palahala

I haven't seen it done or mentioned anywhere and it was just a thought
as to whether it was indeed possible.

I'll have a think about the second instance of Apache for this and see
what sort of work is actually involved in setting up and configuring
the two.

Indeed the mail()/sendmail idea you mention would work.

I'll have a ponder and see what can be done. I have another box running
Apache/PHP and multiple vhosts mainly for development so I can
experiment on there for various options/configs without destroying the
server.

Thanks for your comments and info/help on this, much appreciated =)

Regards,

  Ian

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPgRRs2fqtj251CDhEQKWqACfcYLYytxjKcQ90j+E46ZT/o3iGGMAn1Jd
EMkC8yG+O4crRryhhVA8X2ZF
=2Dj4
-----END PGP SIGNATURE-----

--
Ian.H  [Design & Development]
digiServ Network - Web solutions
www.digiserv.net  |  irc.digiserv.net  |  forum.digiserv.net
Scripting, Web design, development & hosting.



Wed, 08 Jun 2005 19:32:15 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. different PHP-Version with differengt php.ini files?

2. php configure directives...

3. Modifying configuration directives from a PHP script???

4. How to use disable_functions in php.ini?

5. PHP.INI not taking affect

6. php.ini problem

7. where are setting stored when there is no php.ini file

8. official documentation php.ini ?!?!!?

9. really simple question php.ini

10. php.ini changes not taking

11. php.ini-dist

12. php.ini with IIS4 help!

 

 
Powered by phpBB® Forum Software