Safe mode OFF is a big security problem on the server!

hugodk

Joined: 2006-04-14
Posts: 3
Posted: Fri, 2006-04-14 10:47

Maybe it's time to program a new gallery
script version that will run under
safe_mode ON, because a server with
safe_mode OFF will be a big security
problem!

So sorry that your great gallery has
requirements like the
safe_mode OFF parameter :-(

Regards

 
h0bbel

Joined: 2002-07-28
Posts: 13451
Posted: Fri, 2006-04-14 11:16

Well, safe mode is not the answer to the security problems, proper server administration is. This is also why safe_mode will be removed from PHP6, because of the misconceptions in its usage. See FAQ: Does G2 work with Safe Mode PHP? for a link to a forum thread explaining the Gallery position on safe_mode.


h0bbel - Gallery Team
If you found my help useful, please consider donating to Gallery
http://h0bbel.p0ggel.org

 
hugodk

Joined: 2006-04-14
Posts: 3
Posted: Fri, 2006-04-14 20:16

Thanks!

A lot of servers still use PHP 4.X.

If you use a webhotel with other users, it's easier to get
access to other users' passwords and usernames inserted into scripts. That's why my argument is that it's a big security problem to set safe_mode OFF.

It should also be easy for a good programmer to make scripts that
will run fine with safe mode set to ON - maybe it will take
a little bit more time but it's possible .-)

Regards

 
h0bbel

Joined: 2002-07-28
Posts: 13451
Posted: Fri, 2006-04-14 22:04

Well, safe_mode really doesn't solve that problem. PHPSuExec does, or similar setups, which is what I was referring to in my above post.


h0bbel - Gallery Team
If you found my help useful, please consider donating to Gallery
http://h0bbel.p0ggel.org

 
hugodk

Joined: 2006-04-14
Posts: 3
Posted: Fri, 2006-04-14 23:58

Have already tried that, but thanks anyway!

Just delete my install files, and go back to Coppermine
that I know runs with safe mode ON .-)

But would really like to see Gallery 2 - in action
on my own server and design :-(

Regards,
hugodk - Webdesigner

 
valiant

Joined: 2003-01-04
Posts: 32509
Posted: Mon, 2006-05-01 05:56

MG2, coppermine, and a few others. there are plenty of alternatives and some of them work with php safe_mode.
but note that even the creators of PHP (the language that all these alternatives and G2 are based on) admit that safe_mode is crap and that it needs to go away...and it will. safe_mode is planned to be removed in the next major release of php (php 6).
all discussed in our php safe_mode thread.

for real web security, read:
http://codex.gallery2.org/index.php/Gallery2:Security