[wp-hackers] Re: [OT] Resources for Defending Against Blog Attacks
docwhat+list.wp.hackers at gerf.org
Fri Aug 10 14:49:28 GMT 2007
* Alex Günsche (ag.ml2007 at zirona.com) [070808 15:22]:
> * As for PHP: Also use only modules you need, and use open_basedir
> restrictions. Safe Mode is rubbish, but open_basedir can really protect
> your system if there's a leak in a PHP application. (When setting up
> open_basedir restrictions, set them per vHost, and put the tmp path into
> the same folder. No global /tmp for webapps.)
The setting for the apache.conf file for open_basedir is:
php_value open_basedir '/path/to/your/webbase/'
Don't forget the trailing '/' as the string is just a prefix check.
How do you set the local tmp directory?
Now is the time for all good men to come to.
-- Walt Kelly
The Doctor What: Need I say more? http://docwhat.gerf.org/
docwhat *at* gerf *dot* org KF6VNC
More information about the wp-hackers