Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:8623
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Recieved: (qmail 26341 invoked by uid 0); 19 Mar 2004 21:00:59 -0000
Message-ID: <60763.66.158.132.127.1079730383.squirrel@www.funio.com>
Date: Fri, 19 Mar 2004 16:06:23 -0500 (EST)
To: internals@lists.php.net
User-Agent: SquirrelMail/1.4.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Importance: Normal
Subject: Re: [PHP-DEV] new security related directive for php-4.3.4 
From: boulat@funio.com

> On Fri, 19 Mar 2004 boulat@funio.com wrote:
>> The reason why I would want to play with settings in php.ini or/and
>> httpd.conf often is because everytime I modify those config files I MUST
>> restart apache in order for changes to take place, meaning I will have
>> DOWNTIME. Now imagine hundreds of new accounts added per day to your
>> hosting machine, that means the webserver will end up getting restarted
>> hundreds of times... Hundreds of seconds per day add up to minutes of
>> downtime... and as we all know downtime is something everyone tries to
>> avoid at all costs.
>
> That's a good point.  But this implementation still doesn't seem very
> slick to me.  What about something like:
>
>   open_basedir = /var/www/{user}/public_html

That's a great way of doin it too, Rasmus.
virtual_root_level might not be very slick, however, it was the
simplest/easier way to solve the problem I was able to up with at the
time.

> Where {user} would map to the owner of the script being executed.  Other
> things that might be supported as well:  {group}, {regex:a.*$}, {host}
> and probably other things as well.  I haven't thought through this very
> much yet, but that seems like a more flexible approach to this problem.

the beauty of open source... ;)

Cheers,
Boulat.


>
> -Rasmus
>