Frustrating security restrictions

Discussion in 'General' started by rolij, May 19, 2006.

  1. rolij

    rolij New Member

    Hi,
    First I'd like to thank you for your great work! I was really impressed and very confident and I thought I finally found the right product.

    I had absolutely no problem with the perfect setup installation on SuSe 10.0. Everything was working fine until I tried to move the first webs.

    The first script I tried to move was pphlogger, a script I used for years on many different systems without any problems so far. First I get blank pages and I figured out I have to turn off safe mode (what is it for?). Then I tried to setup a user but I had no chance to login with the username and password I gave. It looks like it stores a different password in the db or in a different format or in a different charset or whatever? No chance. Remember, I never had any problems with this script so far. I gave up and decided to try to move the second script.

    The second script's called wsnlinks and it worked like a charm on different systems so far. Again blank screens and I turned off safe mode again (is it possible to run a script in safe mode?!). Then I was able to import the db at least. But it stuck with empty sql error messages. I figured out the charset was wrong (swedish?). I changed it to latin1 general and now the import worked perfect but still blank or completely wrong screens and no useable error messages. Only nothing. I was confused since I have never ever encountered such troubles in the past with these scripts. And I installed them several times on different systems.

    In the apache log file I only get a [error] an unknown filter was not added: PHP. ?

    I don't understand how one can use such a restricted system out of the box. Is it not possible to use such scripts on a system made for hosting providers? On my quick and dirty setups I never had any problems with any script. How can I turn off these security restrictions? Also I don't know how I should explain this to my customers. You can't use these scripts on this server isn't an option.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    First, everything you describe here has nothing to do with the ISPConfig software itself, as ISPConfig supports a wide variety of setups and the security or insecurity of you PHP setup depends on the configuration of your system that is done before ISPConfig is installed.

    I use ISPConfig to host many PHP applications, from simple scripts up to large CMS systmes like Typo3 and all work fine for me.

    1) PHP Safemode is an option of PHP to run scripts in a more secure enviroment. Some PHP scripts (mostly older ones) do not support this, so you may enable or disable it in ISPConfig. Have a look at your php.ini to setup the detailed restrictions of the safemode.

    2) Does your working scripts on your other servers use SuSe 10 too with the same mysql version? MySQL has changed a lot in the last realeases that breaks older PHP scripts.

    3) Many older PHP scripts need register globals set to on. This is also not an ISPConfig restriction, it is set in you php.ini as on every PHP installation.
     

Share This Page