Should PHP safemode be kept on or off?

by Sanjeev Jaiswal
What is safe mode in PHP
In PHP, safe mode is a security feature that was designed to prevent hackers from being able to use PHP scripts to execute commands at the operating system level (such as Linux shell commands).
It was intended to be a security method for web applications running on shared hosting accounts, as VPS and dedicated servers running single web hosting accounts did not need it. It never functioned well, however, and PHP developers have removed it from the upcoming version 6 release.

 
What’s the problem with the safe mode?
The core problem with Safe Mode is its inconsistency; in many situations, it works great and limits access to dangerous functions, however, all it takes is one allowed dangerous function to negate it completely.
 
What we should keep in mind if PHP safe mode is on?
The current best practice is to combine Safe Mode with a long list of functions for the "disabled_functions" parameter in the php.ini configuration file. This approach applies the Safe Mode restrictions to PHP as a whole and then specifically limits functions that can be used to work around it. Again, the problem with this approach is inconsistency; if even a single dangerous function is missed, the entire process is wasted.
 
So the question is, should we keep PHP safe mode on on or off and when we should do it?
In plain text, keep it off always. It doesn’t solve any security issue and will not be there from PHP 6 release.
“Turn it off. Always leave it off.”
 
It was designed way back when as a way to make PHP safe to use on mass hosts, and let the hosts "lock down" PHP.
But over time, it was realized that this didn't really work, and didn't really solve the problem anyway. There are better system-level ways of securing servers. So PHP is removing the functionality in the next major version and has it deprecated.
 
In case, if PHP safe mode is disabled and want to secure the system, what we should do?
We should use OS level security and we can use mod security for PHP at application level.
 
Conclusion
We may allow disabling PHP safe mode off as it will not cause serious issue.
 
For more information on PHP safe mode, visit this link: http://php.net/manual/en/features.safe-mode.php
 

Related Posts

5 minimal reasons to write blog

blog powerNow a day almost every internet user is having one’s personal website or blogging website. Even if you are not having one, sooner or later you will be having your own blogging website for sure.
What minimal things are there which will force you to write blog?
According to me, it should be:

  1. write blogTo show your presence over internet

Blogging is one of the best ways to be famous amongst netizens.  Which means you will be popular amongst your locality, company, school/college, country or all over the world.

  • Who doesn’t want to be famous (of course for good reasons only)?
  • Who doesn’t want fans, fame, respect, followers?

Just being a blogger can give you all these. So start writing blog!

 2. To get in touch with like minded people

blog networkIf you are from biology background or say economics or like me a networking freak guy, Web developer etc. You may want to be in touch with people of same profession and of same taste. Internet is the fastest way to grow your own community rather than joining any club near your home! Even your neighbor will meet you most of the time over internet. More networks mean more knowledge you can gain and more efficiently you can put your point over the internet crowd.
Remember, Internet is the fastest way of communication than TV or newspaper!

3. blog addictedShow off your knowledge and get rewarded online

Who doesn’t like to hear praising words like:

  • You saved my day
  • You are genius
  • You are guru in your field
  • I am lucky to have you as my mentor and so on

 Show off (Share in general sense) whatever you know related to your domain. Let’s say being a JavaScript programmer, you can post tutorials, can post your experiments etc. More you will share, more you will learn in two ways:   

  • Just to write a single blog on small topic, you would do a lot research before publishing it which ultimately is going to help you to hone your skills.
  • More you will share more expert comments you will get and other people would share too. i.e. like share one learn multi stuffs principle

                          You may be popular like Linus or Richard Stallman or name any one of your favorite role models.  

 4. Earn  some  bucks from it

write blog for moneyMany part time and full time blogger are even earning more than $2000 per month just from blogging. You can be the example too!. You should write quality blog, should gain user’s trust and keep updating latest stuffs from your domain regularly. That’s it!
Putting Google ad sense, local advertisements, affiliation program, joining few CPC programs can give you what you want from your blog (Of course I meant money only)

If by writing what you like, you can earn money then what’s the harm in it. Let the money come in 😛

 5. Will enhance your skills significantly

As already I discussed about it in my 3rd point that writing quality blog can give not only name & fame but money too! Find your best part that you can show to the whole world by writing blogs. It’s not necessary that it should be technical only and only technical people can have blog.
Any one can handle and manage blogging based website. Check BlogSpot, wordpress etc for better understandings.
You can have blogs on food items, dressing style, music reviews, book reviews, city updates etc.

So, when you are going to publish your own blog?

 

PHP for beginners -Lesson 5

LoopingFOR LOOP IN PHP

Code will execute continue till condition reached false.
Syntax: for (initialization; condition; increment/decrement) { code here… }

Parameters :
initialization – set your counter, execute only once.
condition – Loop will continue till condition is TRUE.
increment/decrement – increase or decrease your counter , this parameter will execute at end of loop.

Example 1 : Display 1 to 5 numbers using For loop. <?php $i=1; for( $i = 1; $i <= 5; $i++ ){ echo $i."\t"; // \t use for TAB } ?>

Output : 1 2 3 4 5

Example 2 : Display table of input number <?php $no=5; for( $i = 1; $i <= 10; $i++ ){ echo $no*$i."\t"; } ?>

Output: 5 10 15 20 25 30 35 40 45 50

Example 3 : Fibonacci series
What is Fibonacci Numbers?
Below sequence called Fibonaci series
0,1,1,2,3,5,8,13,21,34,55,89,,144………. (f3 =f2+f1 and given f1=0, f2=1)

By definition, the first Fibonacci number is 0 and second Fibonacci number is 1. Then each subsequent number is calculated based on sum of the previous two. <?php $f1 = 0; $f2 = 1; $range = 10; for ( $i = 2; $i < $range; $i++ ){ $fn = $f1 + $f2; echo $fn."\t"; $f1 = $f2; $f2 = $fn; } ?>

Output : 1 2 3 5 8 13 21 34

Example 4 : Prime number from 1 to 100
A Prime Number can be divided – only by 1 or itself. And it must be a whole number greater than 1

<?php for( $i = 1; $i <= 100; $i++ ){ for( $j = 2; $j <= $i-1; $j++ ){ if( $i % $j == 0) break; } if($j==$i) echo $j."\t"; } ?>

Output : 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97

 

Uncategorized

Tutorial on Creating Dynamic Sitemap Using PHP

  • admin
  • November 29, 2013
  • 5

If you own a website then one very common problem that you might come across is that some of your webpages might not show up in the search results. In such a case, most of us believe that the webpage does not have any links to them on the website. But unless the search engines have banned that web page, there are very less chances of any particular webpage not having links to it on the website. And in such a scenario, you are required to provide a proper navigation structure for your users, but that might not be a feasible option, especially when your website is having lot of content

.

5 thoughts on “Should PHP safemode be kept on or off?

Leave a Reply

Discover more from AlienCoders

Subscribe now to keep reading and get access to the full archive.

Continue reading