Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted February 21, 20196 yr Do you you guys recommend enabling shell or shell_exe on a web server? (potentially giving access to any plugin server commands?)
February 21, 20196 yr I would not recommend leaving shell_exec enabled if you didn't have a specific reason.
February 21, 20196 yr Author 4 hours ago, bfarber said: I would not recommend leaving shell_exec enabled if you didn't have a specific reason. seems I need it to run ff_mpeg. I am trying to weigh the risk verses reward here.
February 21, 20196 yr Well, in that case you have a specific reason. If you have a specific reason, and the command isn't open to injection, that's fine. It's there for a purpose. Most clients do not need it, and subsequently I would recommend disabling it.
Archived
This topic is now archived and is closed to further replies.