WARNING .. please help me .. :)

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

0p3x
Forum Newbie
Posts: 1
Joined: Thu Jan 29, 2009 5:52 pm

WARNING .. please help me .. :)

Post by 0p3x »

Hi all,

I have a forum,

and I detected this warning:

warning: fopen() [function.fopen]: SAFE MODE Restriction In effect. The script whose uid is 515 is not allowed to acces /tmp/vbthumbAQTNwb owned by uid 99 in [path]/includes/class_image.php on line 333

warning: fopen(/tmp/vbthumbAQTNwb0 [function:fopen]: failed to open stream: succes in [path]/includes/class_image.php on line 333




Please, can anyone tell me if anyone can hack my forum by this warning,

and how he can use it?

And how can I protect it?

Please, because I am worried about it.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: WARNING .. please help me .. :)

Post by kaisellgren »

I think the forum software tries to read temporary files and the software is not meant to work with safe mode turned on.
mickeyunderscore
Forum Contributor
Posts: 129
Joined: Sat Jan 31, 2009 9:00 am
Location: UK

Re: WARNING .. please help me .. :)

Post by mickeyunderscore »

Read up on safe mode: http://uk.php.net/features.safe-mode

This error does give clues to your architecture and therefore perhaps the framework you are using, which may have security vulnerabilities that could be exploited.

You should turn off all error reporting on a live server. If you don't have access to php.ini, I think you can use the error_reporting() function. Or if you don't want to turn off error reporting, you can precede the fopen() function with @, which will suppress this particular error.

A quick note on @: people will tell you it runs slow, but the speed difference in my opinion is negligible. Most of the execution time is consumed by the error, not the suppression of it. However, it is usually better to solve the error rather than hide/suppress it.
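
One way to keep warnings like the one in this thread out of the page while still recording them, as an added example that is not part of the original thread or of the forum software. The log path, the helper name `open_quietly` and the sample file path are assumptions.

```php
<?php
// Added example, not code from the forum software discussed in this thread.

// Keep reporting enabled, but send it to a log instead of the browser.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Constructed path (assumption): outside the web root and writable by PHP.
ini_set('error_log', '/var/log/php/forum-errors.log');

/**
 * Hypothetical helper: open a file without letting fopen() warnings
 * (which contain uids and absolute paths) reach the response.
 * Returns a stream resource, or null on failure.
 */
function open_quietly(string $path, string $mode = 'rb')
{
    $warning = null;
    // Capture the warning text instead of discarding it as @ would.
    set_error_handler(function (int $errno, string $errstr) use (&$warning): bool {
        $warning = $errstr;
        return true; // handled: PHP's built-in handler does not run
    }, E_WARNING);
    try {
        $handle = fopen($path, $mode);
    } finally {
        restore_error_handler();
    }
    if ($handle === false) {
        // Full detail goes to the log only.
        error_log(sprintf('fopen failed for %s: %s', $path, $warning ?? 'unknown error'));
        return null;
    }
    return $handle;
}

// Constructed sample call: the path is a placeholder, not the thread's real file.
$fh = open_quietly('/tmp/example-thumbnail.tmp');
if ($fh === null) {
    // Generic message for the visitor; nothing about paths or uids.
    http_response_code(500);
    echo 'The image could not be processed.';
    exit;
}
fclose($fh);
```

Unlike a bare `@`, the warning text still reaches the log, so the underlying ownership problem remains visible to the administrator.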