PHP functions


keat

Security advisor on my server suggests:

You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:

Are all these safe to remove as far as CubeCart V6 goes?

9 hours ago, fabriceunko said:

hello, silly question but how do we do it?

As far as I'm aware, this has to be done at server level using the php.ini editor, and adding the line

' disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open '

Whether or not one can do this at a user level, I'm not sure. ??

As for creating dangerous functions.

I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of workarounds and vulnerabilities, software becomes less safe.

Windows 7 a prime example.

Incidentally, these functions are not CubeCart functions, these are PHP server software functions.

I disabled these in my php.ini, and up to press I've seen no problems with functionality.

  • 8 months later...

My current php.ini file links to the ioncube loader.

How do I add the commands required to disable the dangerous php functions?

Will this work?

zend_extension = /htdocs/ioncube/ioncube_loader_lin_7.2.so

disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

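One way to confirm the setting took effect, as an added example that is not part of the original thread or of CubeCart: a small PHP script that reads the effective `disable_functions` value and reports which of the functions named in the posts above are still enabled. The helper names `parse_disabled` and `audit` are hypothetical.

```php
<?php
// Added example: audit the effective disable_functions setting.
// Request this file through the web server that runs the shop, then delete it.
// The command-line php binary may load a different php.ini than the web server.

// Function list taken from the posts in this thread.
$wanted = ['show_source', 'system', 'shell_exec', 'passthru',
           'exec', 'phpinfo', 'popen', 'proc_open'];

// Hypothetical helper: split the ini value into individual function names.
// Names in disable_functions are separated by commas and/or spaces.
function parse_disabled(string $raw): array
{
    return preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
}

// Hypothetical helper: map each wanted function to its state.
function audit(array $wanted, array $disabled): array
{
    $report = [];
    foreach ($wanted as $fn) {
        $report[$fn] = in_array($fn, $disabled, true) ? 'disabled' : 'STILL ENABLED';
    }
    return $report;
}

// ini_get() returns the value PHP actually loaded, so this also shows
// whether the edited php.ini is the one in use.
$disabled = parse_disabled((string) ini_get('disable_functions'));

header('Content-Type: text/plain');
echo 'Loaded php.ini: ', (php_ini_loaded_file() ?: '(none)'), "\n\n";

$missing = 0;
foreach (audit($wanted, $disabled) as $fn => $state) {
    printf("%-12s %s\n", $fn, $state);
    if ($state !== 'disabled') {
        $missing++;
    }
}

echo "\n", $missing === 0
    ? "All listed functions are disabled.\n"
    : "$missing listed function(s) are not disabled.\n";
```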

Archived

This topic is now archived and is closed to further replies.
