Quantcast

«

»

Jun 17 2008

PHP safe mode shenanigans

I’m on my lunch break, and I’m a bit annoyed right now.  This morning I tried to install the pre-packaged Gallery installer that’s available in my website’s Plesk, and last week I tried to manually install Gallery2, both without success.  Apparently PHP Safe Mode is enabled on my server, meaning I can’t install either, since they were programmed to be able to allow an admin to directly upload pictures and thus the administrator has to be able to mess with the server’s directory structure.

The reason I’m annoyed is, PHP Safe Mode is basically just a way of protecting poorly configured servers from “black hats”.  If the server is configured with a chroot environment (as in, the user of the web site has his own “root” filestructure — and therefore can’t break out of it to mess with other peoples’ sites), then PHP Safe Mode is utterly useless; all it does is serve to break applications and frustrate PHP programmers.  Honestly, the fact that PHP Safe Mode exists at all is kind of silly (even the developers of PHP say so!), considering that anything you can do in PHP, you can also do in CGI, and there’s no such thing as a CGI safe mode.  The only reason I’m upset about this, and not simply switching to CGI, is that CGI is a vastly older web programming protocol, and while useful now and then (especially to black hats!), it is not the programming language of choice for today’s programmer.  No, that honor goes to ASP, the demon-spawn of Microsoft.  It’s only us open source geeks who prefer PHP.

I can see that Safe Mode is turned off for the Unix Pro packages on this server.  I don’t know if it’s really worth paying more a month just so that I can put up a pretty picture gallery.  I guess I might confront the web service about this, and see what they have to say.  Maybe it’s just turned on by default on these cheaper packages, but can be turned off if you ask.  Or maybe they really are holding me hostage, so to speak, to get more money for the “full featured” PHP.

But I’m not going to call them today.  Today, I’m a bit busy at work, and I intend to get in touch with a mortgage broker during my spare time this afternoon… if I even get any.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>