blob: 67d3480ad4a608d49b91850454bf1f568e4e0461 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
--- php.ini-production.orig 2009-08-24 17:18:23.000000000 +0200
+++ php.ini-production 2009-08-24 17:18:33.000000000 +0200
@@ -335,6 +335,15 @@
; Safe Mode
; http://php.net/safe-mode
+;
+; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
+; the PHP Safe Mode feature not be relied upon for security, since the
+; issues Safe Mode tries to handle cannot properly be handled in PHP
+; (primarily due to PHP's use of external libraries). While many bugs
+; in Safe Mode has been fixed it's very likely that more issues exist
+; which allows a user to bypass Safe Mode restrictions.
+; For increased security we always recommend to install the Suhosin
+; extension.
safe_mode = Off
; By default, Safe Mode does a UID compare check when
|
