Page 1 of 1

Absolute Path stored in Environment Variable

Posted: Fri Jul 24, 2009 11:23 am
by ctrLogicDotNet
Here is the thing,

I have my own dedicated server and intend to put future customers on shared hosting on it.
Some of the customers will be using PHP code we built and located in a folder which is placed likely to PEAR folder and all, and some other customers won't have access to this PHP code.
I've added the absolute path of this folder in the php.ini,
I've added an environement variable containing the absolute path from the shell,
and made environment variables accessible by changing this in the php.ini: variables_order = "EGPCS" instead of "GPCS"

My question is:

Will the last step be a security issue on a shared hosting server, if yes, what will that be?
And if any other security issues should be considered, you would be kind to let me know.

Thank You

Re: Absolute Path stored in Environment Variable

Posted: Sat Jul 25, 2009 12:07 am
by kaisellgren
I don't think you even need that E to be there. The letter S stands for $_SERVER and if you have this code in a .htaccess:

Code: Select all

SetEnv foo bar
Then you can access it through $_SERVER['foo']. No need for E's ($_ENV).

Re: Absolute Path stored in Environment Variable

Posted: Mon Jul 27, 2009 9:58 am
by ctrLogicDotNet
Thank You for the hint

So the way I understand this, if it is available for anybody via .htaccess on a shared server, there can't be any security issues?
But now the thing is, I don't want to include .htaccess files on every customer accounts for this absolute_path variable to be available, I want it to be accessible directly from php...

Anyway to include a variable directly in $_SERVER variables?

Re: Absolute Path stored in Environment Variable

Posted: Mon Jul 27, 2009 10:13 am
by ctrLogicDotNet
Guess I could do it directly by configuring php.ini:
  • auto_prepend_file = "path_of_file_to_be_executed";
and add a script name to be executed at every start containing this:
  • $_SERVER['path_I_want_to_be_added'] = 'whatever';

Re: Absolute Path stored in Environment Variable

Posted: Sun Aug 02, 2009 1:28 am
by kaisellgren
I'm no Apache/HTTPD expert, but can't you do this "SetEnv" automatically for each HTTP request? I think there is a way to do it globally so that no .htaccess needed.

Also, how and when would someone use this $_SERVER variable in PHP code?