Thread: php safe mode

    #1
  1. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    32

    php safe mode


    Hey there

    okie, I am good week (month?) late, but has anyone yet faced problem with mysql not working properly with php's safe mode? It is really nasty stuff going on here and php dev teem has been warned as well as mysql, but are they going to do anything?

    Please don't here lecture on how *nix user system works and that servers aren't running as root and all that - I am aware of that. But aren't user files still in danger?

    Whatever, I just want to hear some opinions, and if you still dont have a foggest idea what I am talking about read this article
    And you know I mean that.
  2. #2
  3. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    19
    From the MySQL manual:

    For security reasons, when reading text files located on the server, the files must either reside in the database directory or be readable by all. Also, to use LOAD DATA INFILE on server files, you must have the file privilege on the server host. See section 4.2.6 Privileges Provided by MySQL.
    So, IOW, this would only work on files that could be exposed via FTP anyway (i.e. files readable by all). If you don't have FTP service and want to button it down even more, just don't give your MySQL users the FILE privilege.
  4. #3
  5. Mobbing Gangster
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Sep 2001
    Location
    "Best City" 2002 and 2003- Melbourne, Australia
    Posts
    4,912
    Rep Power
    32
    all right, thx for info rod. I'll try to get access to nix box and play around with it to check out for myself.
    And you know I mean that.

IMN logo majestic logo threadwatch logo seochat tools logo