For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index here.
Security and safemode

Posted by jill (jill), 13 June 2007
This is a general question about the use of safe mode.

We first tried safe mode on, but found that scripts which copied or created a file on the server did not work because the script was not the owner of the relevant folders.

We have now turned safe mode off but safe mode gid on, and also made the relevant folders owned by a group, say thisgroup, and then made httpd a member of thisgroup.  This seems to be working - so far so great.

I just wondered what others were doing and whether there is a common way of dealing with this, and if so what it is.

Posted by admin (Graham Ellis), 13 June 2007
Are the scripts you are running your own scripts / scripts written by your trusted team, or are they written by untrusted users?

Posted by jill (jill), 13 June 2007
scripts written by a trusted team

Posted by admin (Graham Ellis), 14 June 2007
OK, Jill ...

Safe mode is removed at the next major release of PHP, so it's not a good idea to start relying on it at this stage. The manual states that it is "architecturally incorrect" to have / use it and, indeed, code and directory safety should be dealt with at OS and user level and not by the PHP so all it's ever really been able to do is to provide some help in security and it's not - and never could - plug all the gaps.

With a trusted team, the best bet is to set up the server without these modes, take care of uid and gid issues letting access failures there "bounce" and errors, and check web site user file name inputs to see if they've done anything really nasty (such as "../../../offlimits.txt") to go where they should not.  A standard PHP function that everyone includes and uses - do you have a set of header functions on every single page (he asks hopefully) in which you could include this? - it works wonders for us!

Posted by jill (jill), 14 June 2007
Graham thanks for your advice.  I understand the first paragraph, unfortunately, but not the second.  This is probably because I do not know enough, or indeed anything much, about configuring the server.

How do we take care of uid and gid issues? How do we let access failures bounce and how do we let errors bounce, or do you mean access failures bounce and give error messages?

We do validate user inputs to prevent insertion attacks - I will check to see if ../ etc is covered.

The standard php function you mention - do you mean to validate user inputs as mentioned above?  or something else?

Thanks for any further help

Posted by jill (jill), 14 June 2007
ps  - and what would the advice be if the scripts were not written by a trusted team?

Posted by jill (jill), 14 June 2007
.. and a further query regarding your ../../../offlimits.txt

We currently use three functions, strip_tags, stripslashes, and htmlentities - is this enough or do we need to do something further?

Thanks again for any further advice

Posted by admin (Graham Ellis), 15 June 2007
Have a look here for a quick summary of injection attack possibilities with PHP / things you need to consider if you're writing code that could have a potential hole.  Bear in mind that my list may not be complete, and the functions you mention each - if used correctly - deals with a single possible attack type.

For non-trusted users, the approach would be to "sandbox" each, as far as possible, in their own area via user accounts and permissions.

Forgive the briefness of my answer this morning - just back in the country yesterday and on a time deadline for a heavy 1-day course today!
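
Added example (not part of the original thread and not code from any poster): a file name check of the kind discussed above, shown next to the three functions jill mentions. The function name resolve_inside() and the temporary directory layout are assumptions made up for this illustration.

```php
<?php
// Added example: directory layout and names are constructed for the demo.

// Return the canonical path of $userName inside $baseDir, or null when the
// name is empty, does not exist, or resolves outside the base directory.
function resolve_inside(string $baseDir, string $userName): ?string
{
    // A NUL byte is never part of a legitimate file name.
    if ($userName === '' || strpos($userName, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userName);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so /x/docs_other cannot pass as /x/docs.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sandbox: one public file and one file that must stay private.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . getmypid();
mkdir($root . '/docs', 0700, true);
file_put_contents($root . '/docs/report.txt', "public\n");
file_put_contents($root . '/offlimits.txt', "private\n");

$inputs = ['report.txt', '../offlimits.txt', './../docs/report.txt', 'missing.txt'];
foreach ($inputs as $name) {
    // The three functions from the thread target markup and quoting, so a
    // traversal string passes through them unchanged.
    $filtered = htmlentities(stripslashes(strip_tags($name)));
    $resolved = resolve_inside($root . '/docs', $filtered);
    printf("%-22s filtered=%-22s %s\n", $name, $filtered,
        $resolved === null ? 'REJECTED' : 'ok: ' . basename($resolved));
}

// Remove the sandbox again.
unlink($root . '/docs/report.txt');
unlink($root . '/offlimits.txt');
rmdir($root . '/docs');
rmdir($root);
```

The check works on the resolved path rather than on the raw string, so it does not depend on spotting every spelling of "../". It complements, and does not replace, the OS-level ownership and permissions recommended earlier in the thread.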




This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.
