Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Zizzla_JA Posted October 31, 2014 Posted October 31, 2014 Hello, I was ruining throw my security center check list from the (ACP) when i came across = > Enable open_basedir We recommend enabling the PHP configuration option open_basedir and setting it to your webroot and temporary directory. Any one tell me first why this is re-commented ? and secondly what effect this has ? and last point is it a security risk not to have it enabled ? Many thanks in advance... :smile:
AndyF Posted October 31, 2014 Posted October 31, 2014 It can improve security as it is in effect a restriction on what directories (and subdirectories within) are permitted to access the filesystem. You'll probably want to include your tmp directory in this as well.
Zizzla_JA Posted October 31, 2014 Author Posted October 31, 2014 Nice one Andy i will enable it, by the way i am currently away from my site at the moment so i will enable the open_basedir shortly were you say " include your tmp directory " is this option available to me throw the open_basedir ? If not how do i consider doing that ??
AndyF Posted October 31, 2014 Posted October 31, 2014 You'll have to add it to php.ini (if you are able to have a local one) Ask your host if this is possible first. :)
Zizzla_JA Posted October 31, 2014 Author Posted October 31, 2014 I am not at all formula with what you say Andy adding stuff, but i use whms & Cpanel ! now i am wanting to try this for myself, but as this is not some thing i wish to mess up !! can you tell me were to start looking & add what were? Hope you can guide me throw this ?? and thanks again for your reply :smile:
ASTRAPI Posted October 31, 2014 Posted October 31, 2014 Hi Zizzla_JA On whm go to: Home »Security Center »PHP open_basedir Tweak Easiest way is to search for it on the top left as : PHP open_basedir Tweak And select the Enable php open_basedir Protection :smile: You can see there that you can exclude any domains that you may want also....
Zizzla_JA Posted October 31, 2014 Author Posted October 31, 2014 Appreciated ASTRAPI :thumbsup: i will try following your guide...
Zizzla_JA Posted November 1, 2014 Author Posted November 1, 2014 PHP open_basedir Tweak = > PHP open_basedir Protection PHP's open_basedir protection prevents users from opening files outside of their home directory with php. This security tweak uses Apache DSO style directives. If PHP is configured to run as a CGI, SuPHP or FastCGI process, the open_basedir setting must be manually specified in the relevant php.ini file. Enable php open_basedir Protection = > Host = > check Well it seems my server management guys had already enabled it so i did not edit any thing there, i just need to enable open_basedir now from the ACP :smile: cheers AndyF & ASTRAPI for your time answering my post.. :thumbsup:
Recommended Posts
Archived
This topic is now archived and is closed to further replies.