560Part IIIAdvanced Features and TechniquesMost users today (Email web hosting) who
560Part IIIAdvanced Features and TechniquesMost users today who use PHP s CGI mode are interested in using it as a standalone binary, similar to Perl, rather than for Web development. If this is the case, safe mode is probablybeside the point. –enable-safe-modeSafe mode was originally designed for and is still very strongly recommended for users of theCGI version of PHP, especially in a shared-server environment. Module users generally do notuse safe mode, although it s theoretically possible. Safe mode basically does three things: .It limits PHP parsing to files in a specified directory. .Even within that directory, it prevents PHP from reading files that are owned by a userother than the one running the PHP process. .It limits PHP to executing only external programs in a specified directory, such as/usr/local/bin. Remember that userin this formulation means the PHP user rather than a systems user. The increased security of safe mode comes at a cost and that cost is inconvenience. Inconvenience is probably the number-one reason that people do insecure things in the firstplace which leaves us right back where we started. In general, if you lack root access on the server, you can forget about using safe mode. Theexception is if your ISP has set you up with a CGI version of PHP running under individualUIDs with suExec or functional equivalent. It s next to impossible to switch file ownershipbetween a real Unix system user and Nobody without becoming the superuser once in awhile. Apache s suExec feature, which allows CGIs to be run under user IDs different than that ofthe httpd, is notcompatible with PHP safe mode. You must choose one or the other, asyour PHP binary will get dumped to the browser if you try to use both. The safe mode restriction on executing programs is intended to limit access to system utilities. PHP can still connect to certain programs that are already running, regardless of their locationor user such as a database server or mail server because it s talking to a port rather thanrunning a program. The main Apache configuration directive related to safe mode is DocumentRoot. Rememberthat under safe mode you can t include or require files from outside this directory, so set it at a high enough level. You can alternatively set the PHP document root in php.iniby meansof the doc_rootvariable you may choose to do it this way if, for instance, only part of your site is PHP-enabled. Configuration directives in php.inirelated to safe mode includesafe_mode=on/offand safe_mode_exec_dir. (You need to set this only if you want tochange from /usr/local/binto something else.) You can also use include_pathto specifyparticular subdirectories within your document root directory onlyfor your include files. Safe mode cannot be enabled or disabled in Apache s per-directory .htaccessfiles. Changes related to safe mode must be made in the main Apache configuration file, httpd.conf, or in php.inias described previously. The function set_time_limit()cannot be used in safe mode. You must depend on theglobal configuration directive max_execution_timein php.iniinstead. TipCaution34
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision web design programs services