disable ini_set, what are the risks?

bgarrant

• January 28, 2015 05:59

I have a shared hosting server using latest cPanel. Works great but we have had ini_set enabled for years until now. It was recommended in several forums and by CSF to disable ini_set, but when we do it some sites have issues. I wish there was a safe way to just enable on a per site basis but I have not found one. Allowing a custom php.ini is also disabled for security. So my question is what damage can ini_set really do on a shared host using suPHP? Is there any way to just allow ini_set on a few sites without allowing php.ini files pet site? Allowing php.ini seems like an even bigger security risk. Any advice is greatly appreciated.

• 

  bgarrant

  • January 28, 2015 11:12

  I have setup the first option in this post to disable individual php.ini files.

  0
• 

  cPanelMichael

  • January 29, 2015 18:51

  Hello :) You may find the following similar thread helpful: ini_set question Thank you.

  0
• 

  iso99

  • February 06, 2015 04:55

  I've worked with cPanel servers for years and I feel that ini_set is safe. Most CMSs use this function and it's actually convenient for users to have this enabled. For better security, go with Cloudlinux to have important resources limited. You may also opt for the individual php.ini to be disabled, as posted by bgarrant. If you have trusted users that really need custom configuration, have them contact you and do it on your end instead: [url=http://docs.cloudlinux.com/index.html?substitute_global_php_ini_for_.html]CloudLinux Documentation

  0

Please sign in to leave a comment.