[[Safe Mode]]
Recent changes RSS feed
 
You are here: Web Application Component Toolkit » security » practice » Safe Mode

Safe Mode

Some useful information about safe mode can be found in Apache Security Chapter 3 (PDF).

In reality, safe mode is not safe and is very unpopular - see PHP's safe_mode or how not to implement security - the short explaination is safe mode works by trying to isolate the PHP runtime from the rest of the world. Unfortunately on most shared hosts, there are many “ways in”, not just through PHP, and most of the tricks to bypass work on this basis. And it’s not just attackers trying to get round it - pretty much anyone who found some PHP application they installed doesn’t work is looking for a way round it. Some Open Source PHP applications even ship with code ready to bypass safe mode.

Furthermore, safe mode is due to be dropped from PHP6 (that’s what’s happening right here).

 
security/practice/php_safe_mode.txt · Last modified: 2006/12/09 17:15
 
Hosting for this site donated by Procata PHP Development