Teach Yourself PHP in 10 Minutes [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Teach Yourself PHP in 10 Minutes [Electronic resources] - نسخه متنی

Chris Newman

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Displaying Validation Warnings

Enforcing Data Rules

Highlighting Fields That Require Attention

Summary

Lesson 14. Cookies and Sessions

Cookies

Sessions

Summary

Lesson 15. User Authentication

Types of Authentication

Building an Authentication System

Summary

Lesson 16. Communicating with the Web Server

HTTP Headers

Server Environment Variables

Summary

Lesson 17. Filesystem Access

Managing Files

Reading and Writing Files

Summary

Lesson 18. Host Program Execution

Executing Host Programs

The Host Environment

Security Considerations

Summary

Lesson 19. Using a MySQL Database

Using MySQL

Executing SQL Statements

Debugging SQL

Summary

Lesson 20. Database Abstraction

The PEAR DB Class

Database Portability Issues

Summary

Lesson 21. Running PHP on the Command Line

The Command-Line Environment

Writing Scripts for the Command Line

Summary

Lesson 22. Error Handling

Error Reporting

Summary

Lesson 23. PHP Configuration

Configuration Settings

Configuration Directives

Loadable Modules

Summary

Lesson 24. PHP Security

Safe Mode

Other Security Features

Summary

Lesson 25. Using PEAR

Introducing PEAR

Using PEAR

Summary

Appendix A. Installing PHP

Linux/Unix Installation

Windows Installation

Troubleshooting
توضیحات
افزودن یادداشت جدید






Safe Mode


PHP's Safe Mode attempts to provide a degree of basic security in a shared environment, where multiple user accounts exist on a PHP-enabled web server.

When a web server is running PHP in Safe Mode, some functions are disabled completely, and others are available with limited functionality.

Restrictions Enforced by Safe Mode


Functions that attempt to access the filesystem have restricted functionality in Safe Mode. The web server process runs under the same user ID for all web space accounts and must have the appropriate read or write permission to access a file. This is a requirement of the underlying operating system and has nothing to do with PHP itself.

When Safe Mode is enabled and an attempt is made to read or write a local file, PHP checks whether file ownership of the script is the same as that of the target file. If the owner differs, the operation is prohibited.

Write Permission
Although Safe Mode implements measures to prevent you from opening another user's files through PHP, the operating system's file permissions may still allow read or even write access to those files at a lower level. Be aware that a user who has shell access to the web server will be able to read any files that are accessible by the web server and write to any file that has global write permission.

The following core filesystem functions are restricted by this rule:

chdir

move_uploaded_file

chgrp

parse_ini_file

chown

rmdir

copy

rename

fopen

require

highlight_file

show_source

include

symlink

link

touch

mkdir

unlink

Functions that are part of PHP extensions that also access the filesystem are similarly affected.

Loadable Modules
The dl function is disabled in Safe Mode, regardless of the owner of the extension file. Extensions must be loaded into PHP at startup, using the extension directive in php.ini.

Functions that execute host programs are disabled unless they are run from the directory given in the safe_mode_exec_dir directive, which you will learn about in the next section. Even if execution is allowed, arguments to the commands are automatically passed to the escapeshellcmd function.

The following program execution functions are affected by this rule:

exec

shell_exec

passthru

system

popen

In addition, the backtick operator (`) is disabled.

The putenv function has no effect when run in Safe Mode, although no error is produced. Similarly, other functions that attempt to change the PHP environment, such as set_time_limit and set_include_path, are ignored.

Enabling Safe Mode


You turn Safe Mode on or off by using the safe_mode directive in php.ini. To activate Safe Mode for all users on a shared web server, you use the following directive:


safe_mode = On

As you learned in the previous section, functions that access the filesystem perform a check on the owner of the file. By default, the check is performed on the file owner's user ID, but you can relax this to check the owner's group ID (GID) instead by turning on the safe_mode_gid directive.

If you have shared library files on your system, you can use the safe_mode_include_dir directive to get a list of locations for which the UID/GID check will not be performed when an include or require statement is encountered.

Include Directories
If you want to list more than one location in the safe_mode_include_dir directive, you can separate them using colons on Linux/Unix or semicolons on Windows systemsjust as you do with the include_path setting.

To allow inclusion of files in /usr/local/include/php for any user in Safe Mode, you would use the following directive:


safe_mode_include_dir = /usr/local/include/php

To provide a location from which the system can be executed, you use the safe_mode_exec_dir directive.

To allow programs in /usr/local/php-bin to be executed in Safe Mode, you would use the following directive:


safe_mode_exec_dir = /usr/local/php-bin

Executables
Rather than allow execution of all programs from /usr/bin or some other system location, you should create a new directory and copy or link only selected binaries into it.

To allow setting of certain environment variables, you use the safe_mode_allowed_env_vars directive. The value given is a prefix, and by default it allows only environment variables that begin with PHP_ to be changed. If more than one value is given, the list should be separated by commas.

The following directive also allows the time zone environment variable, TZ, to be changed:


safe_mode_allowed_env_vars = PHP_,TZ


/ 126