Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted October 31, 201410 yr Hello, I was ruining throw my security center check list from the (ACP) when i came across = > Enable open_basedir We recommend enabling the PHP configuration option open_basedir and setting it to your webroot and temporary directory. Any one tell me first why this is re-commented ? and secondly what effect this has ? and last point is it a security risk not to have it enabled ? Many thanks in advance... :smile:
October 31, 201410 yr It can improve security as it is in effect a restriction on what directories (and subdirectories within) are permitted to access the filesystem. You'll probably want to include your tmp directory in this as well.
October 31, 201410 yr Author Nice one Andy i will enable it, by the way i am currently away from my site at the moment so i will enable the open_basedir shortly were you say " include your tmp directory " is this option available to me throw the open_basedir ? If not how do i consider doing that ??
October 31, 201410 yr You'll have to add it to php.ini (if you are able to have a local one) Ask your host if this is possible first. :)
October 31, 201410 yr Author I am not at all formula with what you say Andy adding stuff, but i use whms & Cpanel ! now i am wanting to try this for myself, but as this is not some thing i wish to mess up !! can you tell me were to start looking & add what were? Hope you can guide me throw this ?? and thanks again for your reply :smile:
October 31, 201410 yr Hi Zizzla_JA On whm go to: Home »Security Center »PHP open_basedir Tweak Easiest way is to search for it on the top left as : PHP open_basedir Tweak And select the Enable php open_basedir Protection :smile: You can see there that you can exclude any domains that you may want also....
November 1, 201410 yr Author PHP open_basedir Tweak = > PHP open_basedir Protection PHP's open_basedir protection prevents users from opening files outside of their home directory with php. This security tweak uses Apache DSO style directives. If PHP is configured to run as a CGI, SuPHP or FastCGI process, the open_basedir setting must be manually specified in the relevant php.ini file. Enable php open_basedir Protection = > Host = > check Well it seems my server management guys had already enabled it so i did not edit any thing there, i just need to enable open_basedir now from the ACP :smile: cheers AndyF & ASTRAPI for your time answering my post.. :thumbsup:
Archived
This topic is now archived and is closed to further replies.