Hacker News new | past | comments | ask | show | jobs | submit login

It's not just Apache you need to configure - PHP ignores Apache's directory access configurations entirely, you need open_basedir and preferably something like suPHP.

Disabling shell functions (system, exec, etc.) is also a good idea, unless the application itself requires them (e.g. if the host is too stupid/lazy to have the imagick extension installed and tells you to call /usr/bin/imagick instead...).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: