

how to prevent access to php.ini from user level in anyway ....




Posted by metalsoft, 12-08-2011, 05:56 PM
Hi guys, I've been searching for a while and I got almost nothing useful, so here I am asking you all. Here is the thing: I know how to enable open base dir protection, I know how to disable particular functions in php.ini, and I also know how to disable dynamic loading of extensions in PHP. But here is what I don't get: even with all those things disabled, users are still able to change particular features like the max memory limit, etc. using their own php.ini files in their home dir or other directories :-s I really need to know how to stop anybody from changing anything in their php.ini config and just stick to the one that I set on my server. If it's possible to do, please tell me how. P.S.: sorry for the terrible English!

Posted by linuxtechz, 12-09-2011, 03:32 AM
Hey, when you compile Apache on cPanel-based servers, if that is what you are talking about here, it can be done in EasyApache itself, which offers an option to prevent users from using their own php.ini. Further, on servers without a control panel it can be disabled by including the function in the disabled function list of the global php.ini.

Posted by ArturasLIX, 12-09-2011, 04:43 AM
Hello, the problem here is that users can override php.ini directives. One of the ways to prevent it is to use php_admin_value in Apache's virtual host directives. For instance: As for php.ini files, check your include paths.
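The php_admin_value approach mentioned in the post above, shown as an added example that is not part of the original thread. It applies only when PHP runs as the Apache module (mod_php); the hostname, paths and limit values are constructed placeholders, and access-control lines are omitted.

```apache
# Added example: constructed hostname, paths and limits.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /home/exampleuser/public_html

    # Weak: a value set with php_value can still be overridden later
    # from .htaccess or with ini_set() in a script.
    # php_value memory_limit 64M

    # Locked: values set with php_admin_value / php_admin_flag cannot be
    # changed from .htaccess or with ini_set() at runtime.
    php_admin_value memory_limit 64M
    php_admin_value open_basedir "/home/exampleuser/:/tmp/"
    php_admin_flag  enable_dl off

    <Directory "/home/exampleuser/public_html">
        # php_value and php_flag in .htaccess need "Options" (or "All")
        # in AllowOverride. Leaving it out means such lines in a user's
        # .htaccess are rejected (the request fails with a server error)
        # instead of being applied.
        AllowOverride AuthConfig FileInfo Indexes Limit
    </Directory>
</VirtualHost>
```

After reloading Apache, the "Local Value" column of phpinfo() for that site should show the locked values even if a script calls ini_set() on them.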

Posted by almanox, 12-09-2011, 04:59 AM
I believe you can configure PHP to read php.ini and additional .ini files from a specific location not writable by a user. To begin, look at the top of the phpinfo() results to see how the .ini paths are set for your clients and what type of PHP setup (Server API) you are using. With a few setups, specifying PHP directives in .htaccess is not allowed.

Posted by metalsoft, 12-09-2011, 03:01 PM
Thanks everybody. Considering that I'm kind of an amateur, can you tell me which function I should disable in the php.ini config to make sure nothing can be changed from user level after that? For the moment the functions "dl, php_info, show_source, system, shell_exec, passthru, exec, popen, proc_open, system, phpinfo" are disabled... what should I add to it? One of you guys mentioned that I can prevent the PHP config from being overwritten in .htaccess... can I ask how? And after all, how can I specify which folder PHP should look in to read php.ini?

Posted by quantumphysics, 12-09-2011, 04:05 PM
you disabled phpinfo? wtf? you're looking at this completely the wrong way..


