Here is the thing,
I have my own dedicated server and intend to put future customers on shared hosting on it.
Some of the customers will be using PHP code we built and located in a folder which is placed likely to PEAR folder and all, and some other customers won't have access to this PHP code.
I've added the absolute path of this folder in the php.ini,
I've added an environement variable containing the absolute path from the shell,
and made environment variables accessible by changing this in the php.ini: variables_order = "EGPCS" instead of "GPCS"
My question is:
Will the last step be a security issue on a shared hosting server, if yes, what will that be?
And if any other security issues should be considered, you would be kind to let me know.
Thank You
Absolute Path stored in Environment Variable
Moderator: General Moderators
-
ctrLogicDotNet
- Forum Newbie
- Posts: 24
- Joined: Fri Jul 24, 2009 10:52 am
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Absolute Path stored in Environment Variable
I don't think you even need that E to be there. The letter S stands for $_SERVER and if you have this code in a .htaccess:
Then you can access it through $_SERVER['foo']. No need for E's ($_ENV).
Code: Select all
SetEnv foo bar-
ctrLogicDotNet
- Forum Newbie
- Posts: 24
- Joined: Fri Jul 24, 2009 10:52 am
Re: Absolute Path stored in Environment Variable
Thank You for the hint
So the way I understand this, if it is available for anybody via .htaccess on a shared server, there can't be any security issues?
But now the thing is, I don't want to include .htaccess files on every customer accounts for this absolute_path variable to be available, I want it to be accessible directly from php...
Anyway to include a variable directly in $_SERVER variables?
So the way I understand this, if it is available for anybody via .htaccess on a shared server, there can't be any security issues?
But now the thing is, I don't want to include .htaccess files on every customer accounts for this absolute_path variable to be available, I want it to be accessible directly from php...
Anyway to include a variable directly in $_SERVER variables?
-
ctrLogicDotNet
- Forum Newbie
- Posts: 24
- Joined: Fri Jul 24, 2009 10:52 am
Re: Absolute Path stored in Environment Variable
Guess I could do it directly by configuring php.ini:
- auto_prepend_file = "path_of_file_to_be_executed";
- $_SERVER['path_I_want_to_be_added'] = 'whatever';
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Absolute Path stored in Environment Variable
I'm no Apache/HTTPD expert, but can't you do this "SetEnv" automatically for each HTTP request? I think there is a way to do it globally so that no .htaccess needed.
Also, how and when would someone use this $_SERVER variable in PHP code?
Also, how and when would someone use this $_SERVER variable in PHP code?