[TYPO3-english] php's disable_functions
claudio.strizzolo at ts.nogarb.ageinfn.it
Mon Nov 30 10:31:59 CET 2009
several security-related sites suggest disabling some potentially
dangerous PHP functions on web servers as a method to improve security,
together with other configurations and tools.
This is done by adding a disable_functions directive to php.ini, i.e.:
Some functionalities in Typo3 (i.e. Imagemagick) need some of those
functions to be enabled (exec, for instance), so some of those functions
cannot actually be disabled.
Could anyone suggest a list of functions that might be safely disabled
through the above directive, without limiting Typo3 capabilities?
I'd like to apply the above to a shared server hosting both Typo3-based
and not-Typo3-based virtual hosts. Unfortunately enough,
disable_functions can not be applied to single virtualhosts.
Thanks in advance,
More information about the TYPO3-english