Is it safe to turn off "exec" dunstion in php.ini?

[bartkob]

I'd like to use FFMpeg to create thumbnails from videos. I tried, but I couldn't install ffmpeg-php from source. So, the only solution I have is turn oon "exec" function previously disabled in php.ini.
Do you think is it right solution? Server will be secure in the same way? I am using CSF firewall and latest PHP, Apache, Directadmin.

 

[SeLLeRoNe]

Is less secure but the server will still load fine.

Why your FFMpeg installation failed? What was going to change if you were able to install from source?

Best regards

 

[bartkob]

FFMpeg-php is what caused me a lot of problems.There is a lot of errors during "make" and when I fix one there is another. FFmpeg wasn't updated since 2008 and probably it is not wise to rely on it. I am not afraid about server load, but only about security. My users upload gifs and other images, but I'd like to give them possibility to upload mp4. FFMpeg is needed to generate thumbnails and probably for rescale video file.

 

[SeLLeRoNe]

The problem woudln't be the load, but the security, allowing the exec command to the user may be the cause of problems if a user website get hacked (or even the reason why).

I would highly suggest to fix those "make" problems and use FFMpeg as extension rather than allow the exec command, but, is up to you

Best regards