Clientexec ini_set issue?

[mikelato]

Hi,

I run clientexec, and it requires the ini_set function in php. I was told by a few sources to disable that function for security. Is there any way to enable that function for an individual user so that my clients cannot use the function but I can on my site? If so, is this still secure and if not does anyone know a work around?

Thanks,
Mike

 

[smtalk]

Use suhosin:
http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.func.whitelist
http://www.hardened-php.net/suhosin/configuration.html#suhosin.executor.func.blacklist

 

[mikelato]

I use that software as well but is it safe to enable that function? Or does suhosin monitor scripts to make sure that that function is not used to cause problems?