[wp-hackers] is php code in index.php dangerous?

Alex nessence at gmail.com
Wed Jul 21 17:54:43 UTC 2004 

Might checkout
http://us2.php.net/manual/en/features.safe-mode.php#ini.open-basedir
and check with docs on how to set this and user/group settings in a
virtual server.

While WP imo is a public-service-ready blog tool, creating a secure
environment for hosting any script is not within the scope of WP.

On Sun, 18 Jul 2004 23:37:53 +0800, Eric Nash <ericnash at gmail.com> wrote:
> luckly, wp is strictly personal, not public-service-ready blog tool.
> 
> 
> 
> On Sun, 18 Jul 2004 08:20:46 -0700, Jason goldsmith <unteins at gmail.com> wrote:
> > At least some php yes.....
> >
> > You can't prevent someone from running php.....but you CAN configure
> > php to disallow the use of functions from php. So, you could find
> > disable a large portion of PHP by not letting those functions be used.
> >
> >
> >
> > On Sun, 18 Jul 2004 07:57:38 -0600, Alex King <alex at alexking.org> wrote:
> > > I'm pretty sure you can execute PHP from w/in a Smarty template.
> > >
> > > --Alex
> > >
> > > http://www.alexking.org/
> > >
> > >
> > >
> > >
> > > On Jul 18, 2004, at 7:54 AM, Mark Wubben wrote:
> > >
> > > > On Sun, 18 Jul 2004 22:34:02 +1000, Michael G <michael at wakeless.net>
> > > > wrote:
> > > >> The wordpress template is all PHP code, it doesn't use templates in
> > > >> the
> > > >> commonly used meaning of the word. I thought I saw that that was in
> > > >> the
> > > >> pipeline but certainly not at this point in time.
> > > >
> > > > Eric, you might build a template system (e.g. Smarty) on top of
> > > > WordPress. If you then prevent your users from installing plugins you
> > > > should be fine.
> > >
> > > _______________________________________________
> > > hackers mailing list
> > > hackers at wordpress.org
> > > http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> > >
> >
> > _______________________________________________
> > hackers mailing list
> > hackers at wordpress.org
> > http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> >
> 
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>

More information about the hackers mailing list