What is PHP Safe Mode?

The general term “safe mode” refers to a state in which a software application has been stripped to its bare minimum configuration, usually in order to troubleshoot stability or security issues. Windows users who have experienced any type of serious system anomalies have undoubtedly been forced to boot into safe mode at one time or another.

In PHP, safe mode is a security feature that was designed to prevent hackers from being able to use PHP scripts to execute commands at the operating system level (such as Linux shell commands).

It was intended to be a security method for web applications running on shared hosting accounts, as VPS and dedicated servers running single web hosting accounts did not need it. It never functioned well, however, and PHP developers have removed it from the upcoming version 6 release.

The primary problem is that some basic functions required by web scripts would simply not work with PHP safe mode enabled. Dedicated server owners who sold shared hosting accounts to customers were forced to either upset the customers, by providing them with locked-down accounts, or find other security tools, such as ModSecurity.

Joomla, in particular, has never played well with safe mode, and the developers recommend disabling it, in order to get the full benefit of the content management system’s functionality. To disable PHP safe mode on a server, edit the php.ini file (often found in /etc/php) and modify the following line:

safe_mode = Off

To determine if safe mode is actually off, you can create a php info file called phpinfo.php containing the this code:

< ?php
phpinfo();
?>

Run the script in your web browser for a full printout of PHP configurations. Finally, look for the safe mode section and make sure it says “off”.

Related Posts











Comments: