PLESK 8.4 中的 PHP safe_mode 默认值为 ON。 为什么?
我想知道为什么 PLESK 中 PHP safe_mode 的默认值是 ON。 我怀疑这是一个安全问题,但这到底有什么用呢?
ps 作为一名缺乏经验的 Web 开发人员,我花了几个小时想知道为什么 .php 文件被下载而不是在我的服务器上运行。 原因是这个 php 默认 safe_mode 处于开启状态,我通过对 plesk 控制面板的设置进行随机合理的外观更改找到了解决方案。 通过问这个问题,我想为我在这个荒谬的问题上损失的令人沮丧的时间找到安慰。 对我来说,默认情况下不运行 .php 文件并且不明确解释它们为什么不起作用是愚蠢的。
I am wondering why is the default value of the PHP safe_mode ON in PLESK. I suspect it is a security issue but how exactly is this useful?
p.s. As an inexperienced web-developer I spend some hours wondering why the .php files were downloaded instead of run on my server. The reason was that this php default safe_mode was ON and I found the solution by just making random reasonable looking changes to the settings of the plesk control panel. By asking this question I want to find consolation for the frustrating time I lost on this ridiculous problem. For me not to run .php files by default and not explicitly explaining why they don't work is just dumb.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
显示而不是执行文件时遇到的问题与
safe_mode
的设置无关。safe_mode
对于确保您的脚本无法执行可能允许黑客侵入您的服务器的潜在不安全操作至关重要。听起来您已经成功地随机更改了实际将
.php
文件链接到mod_perl
的设置,以便它们正确运行,但如果您不知道自己在做什么你真的应该重新打开safe_mode
。另外,作为调试问题时的一般经验法则:一次只更改一件事,然后在每次更改之间进行测试。 这将有助于消除关于哪些更改真正解决了问题的虚假假设......
The problem you have with your files being displayed instead of executed is independent of the setting for
safe_mode
.safe_mode
is crucial to ensure that your scripts can't perform potentially unsafe operations that might allow a hacker to break into your server.It sounds like you've managed to randomly changed the setting that actually links
.php
files tomod_perl
so that they run correctly, but if you don't know what you're doing you really should turnsafe_mode
back on.Also, as a general rule of thumb when debugging problems: only change one thing at a time and then test between each change. This will help eliminate spurious assumptions about which change actually fixed the problem...