[wp-hackers] Forum Post: cache issue

Robert Deaton false.hopes at gmail.com
Thu Jan 19 01:39:13 GMT 2006


On 1/18/06, Ryan Boren <ryan at boren.nu> wrote:
> On Wed, 2006-01-18 at 19:30 -0500, David Chait wrote:
> > This is a dumb question: how many hosts have safe mode on?  I would have
> > expected my plugins to fail left and right (given they too create cache
> > files...).
> >
> > And, this would obviously also nuke things like WP-Cache, right?
> >
> > Eeek.
>
> Yes, it can be painful unless there is some workaround that I don't know
> about.  Given the griping on php.net and elsewhere, I don't think there
> is a workaround.
>
> Some hosts are asking whether they should turn safe_mode off.  They want
> to know if it buys any real added security or if it just breaks things.
>

If you're ever asked this personally, or you feel like telling
someone, safe_mode just complicates things. If you want added
security, turn open_basedir on, and use the disabled_functions
directive in php.ini to disable all of the exec related functions so
that users can't run binaries, and you've pretty much locked down
tigher than safe_mode does.

safe_mode is scheduled for complete removal from PHP6.

--
--Robert Deaton
http://somethingunpredictable.com


More information about the wp-hackers mailing list