Best Practices for Safe Mode and Open Base Dir

boonchuan

Verified User
Joined
Dec 23, 2004
Messages
103
Just wondering: did you enable Safe Mode and Open Base Dir by default, or leave them off?
 
Left them both off. Safe mode is removed in PHP6, so relying on it isn't really a very good practice IMO anyways. Same with Register Globals. Open Base Dir isn't bad and I feel can be left up to the owner of the server whether or not to be left on as it usually makes little difference except for software with a particular structure. It might also come in handy in case you get exploited, but that just decreases the amount of possible damage. It still doesn't excuse your buggy coding.
 
Dravu, what you write makes a lot of sense for single-domain hosting where you have full control over the code on the server.

For shared hosting we leave both SafeMode and Open Basedir on because we don't want to have to tell our clients that their site was hacked because some other site had bad code.

I know it doesn't protect against everything but it helps.

And we don't run PHP6 as of yet, because we know it'll break a lot of scripts on our servers.

Jeff
 
Very true. I guess it just depends on what you're using it for. You can never trust the users unfortunately. =/
 