Portal Home > Knowledgebase > Articles Database > PHP system()?
PHP system()?
| Posted by slowmail, 03-03-2010, 12:54 PM |
| I have a cpanel VPS, and recently a client has asked if I can enable system() in PHP.
Are there any good reasons -not- to enable it, or is it fine for me to do so?
|
| Posted by Lightwave, 03-03-2010, 01:01 PM |
| It depends entirely on the quality and security of the php code they intend to run.
Personally, I think restricting PHP functions is the wrong way to go about security. But, then most hosts don't even have a clue how to best run PHP code.
|
| Posted by FrankLaszlo, 03-03-2010, 01:04 PM |
| You can't always trust what customers are going to run on their sites. system() and functions like it can be a security concern, but typically its only going to affect that certain client with a properly secure server should it be hijacked.
That being said, we typically keep safe_mode off.
|
| Posted by whmcsguru, 03-03-2010, 01:05 PM |
| I absolutely agree here.
Is system() insecure? Absolutely, it can be. However, it can be useful as well. I think you need to know more about the user's script and why it needs system() before you make the call whether or not to re-enable it.
|
| Posted by slowmail, 03-03-2010, 01:10 PM |
| Is it possible to enable system() for a single script and/or user only? Or can it only be enabled/disabled for 'all clients'?
|
| Posted by fwaggle, 03-03-2010, 03:22 PM |
| Honestly, I'm no expert when it comes to PHP... but about every PHP script I've ever seen that uses system() winds up being idiotic in other respects. Most people fall back to using system() because they can't be bothered finding a decent way to do something.
A good example is zipping stuff up, people often claim this is the ultimate reason for enabling system() - when PHP has built-in functions for managing archives itself in a much safer fashion.
I would just keep that in mind before enabling it.
|
Add to Favourites 
Print this Article
Also Read
