
PHP functions


keat

Security advisor on my server suggests:

You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:

 

Are all these safe to remove as far as CubeCart V6 goes?


9 hours ago, fabriceunko said:

hello, silly question but how do we do it?

 

As far as I'm aware, this has to be done at server level using php ini editor, and adding the line

' disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open '

Whether or not one can do this at a user level, I'm not sure. ??

 

As for creating dangerous functions.

I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of workarounds and vulnerabilities, software becomes less safe.

Windows 7 a prime example.

Incidentally, these functions are not CubeCart functions, these are PHP server software functions.

 

I disabled these in my php.ini, and up to press I've seen no problems with functionality.


  • 8 months later...

My current php.ini file links to the ioncube loader.

How do I add the commands required to disable the dangerous php functions?

Will this work?

zend_extension = /htdocs/ioncube/ioncube_loader_lin_7.2.so

disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
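
One way to check both questions raised in this thread, as an added example that is not from the posters or from CubeCart: it reports which of the listed functions are actually disabled for the running PHP, and lists direct calls to them in the PHP files under a directory. The script name `check.php` and the directory argument are assumptions.

```php
<?php
// Added example. Names come from the disable_functions line quoted in the thread.
const CANDIDATES = ['show_source', 'system', 'shell_exec', 'passthru',
                    'exec', 'phpinfo', 'popen', 'proc_open'];

// true = the function is unavailable under the SAPI running this script.
function disabled_status(array $names): array
{
    return array_combine($names, array_map(function ($n) { return !function_exists($n); }, $names));
}

// Direct calls to the named global functions in one PHP source string.
// Returns [[function, line], ...]; method calls and definitions are skipped.
function find_calls(string $source, array $names): array
{
    $skip = ['T_OBJECT_OPERATOR', 'T_NULLSAFE_OBJECT_OPERATOR', 'T_DOUBLE_COLON',
             'T_PAAMAYIM_NEKUDOTAYIM', 'T_FUNCTION', 'T_NEW'];
    $tokens = array_values(array_filter(token_get_all($source), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $hits = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || !in_array(token_name($t[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)) {
            continue;
        }
        $name = strtolower(ltrim($t[1], '\\'));   // PHP 8 tokenizes \exec as one token
        $prev = $tokens[$i - 1] ?? null;
        $prevName = is_array($prev) ? token_name($prev[0]) : '';
        if (in_array($name, $names, true) && ($tokens[$i + 1] ?? null) === '('
            && !in_array($prevName, $skip, true)) {
            $hits[] = [$name, $t[2]];             // $t[2] is the source line number
        }
    }
    return $hits;
}

// Usage: php check.php /path/to/store   (the path is a placeholder)
printf("SAPI %s, php.ini %s\n", PHP_SAPI, php_ini_loaded_file() ?: '(none)');
foreach (disabled_status(CANDIDATES) as $name => $off) {
    printf("  %-12s %s\n", $name, $off ? 'disabled' : 'ENABLED');
}
$files = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($argv[1] ?? '.', FilesystemIterator::SKIP_DOTS));
foreach ($files as $file) {
    if (strtolower($file->getExtension()) !== 'php') continue;
    foreach (find_calls(file_get_contents($file->getPathname()), CANDIDATES) as [$fn, $line]) {
        printf("%s:%d calls %s()\n", $file->getPathname(), $line, $fn);
    }
}
```

Run it under the same SAPI that serves the store, because the CLI can load a different php.ini than the web server. ionCube-encoded files and dynamic calls such as `call_user_func('exec')` are not detected by the scan.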

 
