SJ77 Posted February 21, 2019 Posted February 21, 2019 Do you you guys recommend enabling shell or shell_exe on a web server? (potentially giving access to any plugin server commands?)
bfarber Posted February 21, 2019 Posted February 21, 2019 I would not recommend leaving shell_exec enabled if you didn't have a specific reason.
SJ77 Posted February 21, 2019 Author Posted February 21, 2019 4 hours ago, bfarber said: I would not recommend leaving shell_exec enabled if you didn't have a specific reason. seems I need it to run ff_mpeg. I am trying to weigh the risk verses reward here.
bfarber Posted February 21, 2019 Posted February 21, 2019 Well, in that case you have a specific reason. If you have a specific reason, and the command isn't open to injection, that's fine. It's there for a purpose. Most clients do not need it, and subsequently I would recommend disabling it.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.