php safe mode and squirrelmail
Norman Gaywood
norm at turing.une.edu.au
Thu May 6 00:18:52 UTC 2004
We have an FC1 system used by many people for many purposes. I would like
to stop my php users from stealing passwords using the php environment
var $_SERVER['PHP_AUTH_PW']
One way to do this seems to be to enable php's safe mode. The problem
with that is that it breaks squirrelmail. AFAICT, squirrelmail breaks
not because it uses $_SERVER['PHP_AUTH_PW'], but for other reasons caused
by safe mode.
So the question is, does anyone know how to enable php safe mode and
keep squirrel mail working?
Or, does anyone know how to disable $_SERVER['PHP_AUTH_PW'] in php
without enabling the full php safe mode.
--
Norman Gaywood, Systems Administrator
School of Mathematics, Statistics and Computer Science
University of New England, Armidale, NSW 2351, Australia
norm at turing.une.edu.au Phone: +61 (0)2 6773 2412
http://turing.une.edu.au/~norm Fax: +61 (0)2 6773 3312
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
More information about the fedora-list
mailing list