Page 1 of 1

File manager script security...

Posted: Mon May 12, 2003 4:49 pm
by m3mn0n
I have a file manager script, and i do not want the users who have php files in a folder above the file manager to be able to use the functions show_source() to view copyrighted script sources, ini_set() to make drastic changes to php, or any other potentially dangerous security risk functions like that.

I'm just baffled a bit on how to disable their use of certain functions like that and keep them for my use. And how to implement the changes, it's kind of a weird topic to search around for, any ideas on doing this?

Thanks!

Posted: Mon May 12, 2003 8:02 pm
by volka
see: http://www.php.net/manual/sl/features.s ... -functions
unfortunatly (for you) this is a PHP_INI_SYSTEM parameter thus it can only be set in php.ini affecting all your scripts.

Posted: Tue May 13, 2003 8:50 am
by m3mn0n
Thanks volka. I overlooked that link in the manual. :wink:

Posted: Tue May 13, 2003 9:01 am
by volka
would be nice to have something like AllowOveride for php_tag, ... in .htaccess but I don't know of anything like that.
Hopefully someone has a better solution :(

Posted: Tue May 13, 2003 3:25 pm
by m3mn0n
Whoa this project has really required up so much more indepth reading of unfamiliar bits of the manual for me. :?


/me prints off the entire safe mode section of the manual