Why So Many Functions Disabled For Security???

[TheJeffsta]

OMG, I have installed MediaWiki, with a lot of code editing in the install script to get past some security disabled php functions.

Now that I am using the wiki, I keep getting this popen() disabled warning, this isnt all the time but some of the time, dont know what causes it, but its $@*&@ annoying!

What is soo bad about dl() and popen()?

 

[HyperCyber]

phpinfo() is desabled too lol

 

[Brandon]

dl() - Loads the PHP extension given by the parameter library.
popen() - Opens a pipe to a process executed by forking the command given by command.

You can see why they are disabled.

 

[TheJeffsta]

Well then why do such innocent scripts use them , stupid php coders using disabled functions!

phpinfo() isnt a security risk :S

 

[Brandon]

phpinfo() is a security risk, as it reveals any extensions, kernel version, etc installed on our server. Sometimes this can be put in the wrong hands.

 

[TheJeffsta]

Stupid 'wrong hands' messing everything up for everyone else

 

[Corey]

Yes, DL is an extremely unsafe function allowing people to dynamically load whatever PHP modules they like.

We are working on 3 different types of PHP that can be changed for users upon request. Each version of PHP would allow the use of certain restricted functions for people we 'trust' with it. I wanted to roll that out this week but with all the problems and new users I haven't had much time to do anything but answer support requests and deal with server issues.

Hopefully we'll be able to do this soon.

-Corey

 

[TheJeffsta]

Thank you Corey!

 

[Brandon]

This thread seems to be solved, I have locked it, if you have any additional questions, please reopen it or start a new topic.