Re: PHP Settings & Secure Server for XC5
The feedback relates to server admin, but specifically when dealing with shared space and/or VPS customers etc. Allowing free, uncontrolled access to all of the PHP functions shown in our first post may give rise to vulnerability, especially exec() or shell_exec() in PHP, where it can be easy to create a symlink and thus unchecked FollowSymLinks availability can arise.... No problem for us, as we're not involved with any shared space / VPS etc but others might be.
__________________
Dev Store & Live Store XC Business 5.4.1.35
Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian
Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
|