SJ77 Posted February 21, 2019 Share Posted February 21, 2019 Do you you guys recommend enabling shell or shell_exe on a web server? (potentially giving access to any plugin server commands?) Link to comment Share on other sites More sharing options...
SJ77 Posted February 21, 2019 Author Share Posted February 21, 2019 anybody know? Link to comment Share on other sites More sharing options...
bfarber Posted February 21, 2019 Share Posted February 21, 2019 I would not recommend leaving shell_exec enabled if you didn't have a specific reason. Link to comment Share on other sites More sharing options...
SJ77 Posted February 21, 2019 Author Share Posted February 21, 2019 4 hours ago, bfarber said: I would not recommend leaving shell_exec enabled if you didn't have a specific reason. seems I need it to run ff_mpeg. I am trying to weigh the risk verses reward here. Link to comment Share on other sites More sharing options...
bfarber Posted February 21, 2019 Share Posted February 21, 2019 Well, in that case you have a specific reason. If you have a specific reason, and the command isn't open to injection, that's fine. It's there for a purpose. Most clients do not need it, and subsequently I would recommend disabling it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.