I am having some difficulty getting an application to run because the
web-hoster uses "safe mode." Other than getting another web-hoster, or
having the web-hoster turn safe mode off, what can I do?

What exactly does safe mode do? Is it effective? I understand that a
lot of experienced developers consider safe mode to be an ineffective
annoyance - why is that?

I also understand that safe mode is not as popular as it once was. Is
that correct? If so, why?

Thanks, in advance, for any you can give me.

walterbyrd wrote:
> I am having some difficulty getting an application to run because the
> web-hoster uses "safe mode." Other than getting another web-hoster, or
> having the web-hoster turn safe mode off, what can I do?
>
> What exactly does safe mode do? Is it effective? I understand that a
> lot of experienced developers consider safe mode to be an ineffective
> annoyance - why is that?
>
> I also understand that safe mode is not as popular as it once was. Is
> that correct? If so, why?
>
> Thanks, in advance, for any you can give me.
>

Usually that refers to the way PHP is set-up. If you are not using PHP,
then don't worry about it. Otherwise... well it disables some of the
functionality of PHP that could be potentially harmful to the server in
the wrong hands. Some open source scripts do insist on safe mode being
disabled.

--

x theSpaceGirl (miranda)

http://www.northleithmill.com

-.-

Kammy has a new home: http://www.bitesizedjapan.com

On Mon, 15 Oct 2007 09:55:16 -0700, walterbyrd put finger to keyboard
and typed:

>I am having some difficulty getting an application to run because the
>web-hoster uses "safe mode." Other than getting another web-hoster, or
>having the web-hoster turn safe mode off, what can I do?

Nothing, really. Those are the two best options. I'd go for the first.

>What exactly does safe mode do?

It's intended to make PHP safer by disabling some functionality that,
under some circumstances, can be dangerous to the server.

> Is it effective?

No. It's not even reccommended any more by the PHP developers - recent
versions of PHP are more secure by design, and the use of safe mode is
unnecessary.

> I understand that a
>lot of experienced developers consider safe mode to be an ineffective
>annoyance - why is that?

Because it's an ineffective annoyance. It gives the hosting company a
false sense of security at the expense of making good PHP more
difficult to write.

>I also understand that safe mode is not as popular as it once was. Is
>that correct?

Yes, that's correct.

>If so, why?

Because it's no longer necessary. PHP used to be riddled with security
holes; now, it's just got the odd hole here and there. Safe mode does
nothing about the holes that still exist, and the ones it was
originally intended to guard against have now been fixed by later
releases of the software.

Personally, I wouldn't use a webhost that insists on safe mode. It
either means that they're still using an old version of PHP which is
so insecure that safe mode is ful - in which case, it's too old
for anything useful, and too insecure for any website of mine - or
they don't know enough about PHP to realise that it's no longer
necessary - in which case, they're not competant enough for any
website of mine.

Mark
--
http://www.MotorwayServices.info - read and share comments and opinons
"Everybody's changing and I don't feel the same"

Hello,
Basically safe mode comes into picutre if you have taken shared
hosting services.
Hosting provider basically for the security purpose doesnt provide all
the features that a php needs , but keeps it limited meaning a safe
mode.

Safe mode is a precauationary measurement for shared hosting provider
so that developers may not get full required access on the server
wherein other websites are too hosted(shared hosting(

Regards,
webwayworld.com


On Oct 15, 9:55 pm, walterbyrd <walterb...@iname.com> wrote:
> I am having some difficulty getting an application to run because the
> web-hoster uses "safe mode." Other than getting another web-hoster, or
> having the web-hoster turn safe mode off, what can I do?
>
> What exactly does safe mode do? Is it effective? I understand that a
> lot of experienced developers consider safe mode to be an ineffective
> annoyance - why is that?
>
> I also understand that safe mode is not as popular as it once was. Is
> that correct? If so, why?
>
> Thanks, in advance, for any you can give me.

In <1192592385.065042.141890@e9g2000prf.googlegroups. com>,
webwayworld <webwayworld@gmail.com> mentions:
>Hello,
>Basically safe mode comes into picutre if you have taken shared
>hosting services.
>Hosting provider basically for the security purpose doesnt provide all
>the features that a php needs , but keeps it limited meaning a safe
>mode.
>
>Safe mode is a precauationary measurement for shared hosting provider
>so that developers may not get full required access on the server
>wherein other websites are too hosted(shared hosting(

>On Oct 15, 9:55 pm, walterbyrd <walterb...@iname.com> wrote:
>> I am having some difficulty getting an application to run because the
>> web-hoster uses "safe mode." Other than getting another web-hoster, or
>> having the web-hoster turn safe mode off, what can I do?
>>
>> What exactly does safe mode do? Is it effective? I understand that a
>> lot of experienced developers consider safe mode to be an ineffective
>> annoyance - why is that?
>>
>> I also understand that safe mode is not as popular as it once was. Is
>> that correct? If so, why?
>>
>> Thanks, in advance, for any you can give me.

Last time I looked into safe_mode (and how it is typically deployed) I felt
that it might be called "unsafe mode" because, from what I observed anyway,
there wasn't really a way to store code and data outside of web space.

http://www.geniegate.com/art/pdf/kee...ff-the-web.pdf

In a nutshell, PHP programs written for safe_mode will often have their
configuration data stored as a .php (instead of a .ini) in an effort to
prevent the web server from serving it up. This usually works, but we've
probably all seen hiccups where the web server treats a PHP file as a text
file (botching the filetype associations)

They also use .htaccess files, this works, sort of.. until someone screws
up the config. (which is some-what likely to happen during experimentation)

Unless something has changed (and I must admit, I'm no "safe mode" expert)
I believe safe mode is not only a "bad idea" it can actually lead to unsafe
scripts.

Jamie
--
http://www.geniegate.com Custom web programming
Perl * Java * UNIX User Management Solutions

Jamie wrote:
> In <1192592385.065042.141890@e9g2000prf.googlegroups. com>,
> webwayworld <webwayworld@gmail.com> mentions:
>> Hello,
>> Basically safe mode comes into picutre if you have taken shared
>> hosting services.
>> Hosting provider basically for the security purpose doesnt provide all
>> the features that a php needs , but keeps it limited meaning a safe
>> mode.
>>
>> Safe mode is a precauationary measurement for shared hosting provider
>> so that developers may not get full required access on the server
>> wherein other websites are too hosted(shared hosting(
>
>> On Oct 15, 9:55 pm, walterbyrd <walterb...@iname.com> wrote:
>>> I am having some difficulty getting an application to run because the
>>> web-hoster uses "safe mode." Other than getting another web-hoster, or
>>> having the web-hoster turn safe mode off, what can I do?
>>>
>>> What exactly does safe mode do? Is it effective? I understand that a
>>> lot of experienced developers consider safe mode to be an ineffective
>>> annoyance - why is that?
>>>
>>> I also understand that safe mode is not as popular as it once was. Is
>>> that correct? If so, why?
>>>
>>> Thanks, in advance, for any you can give me.
>
> Last time I looked into safe_mode (and how it is typically deployed) I felt
> that it might be called "unsafe mode" because, from what I observed anyway,
> there wasn't really a way to store code and data outside of web space.
>

Sure there is. It just depends on how safe_mode is implemented. I
store all of my files outside of the webserver's root directory.

> http://www.geniegate.com/art/pdf/kee...ff-the-web.pdf
>
> In a nutshell, PHP programs written for safe_mode will often have their
> configuration data stored as a .php (instead of a .ini) in an effort to
> prevent the web server from serving it up. This usually works, but we've
> probably all seen hiccups where the web server treats a PHP file as a text
> file (botching the filetype associations)
>
> They also use .htaccess files, this works, sort of.. until someone screws
> up the config. (which is some-what likely to happen during experimentation)
>
> Unless something has changed (and I must admit, I'm no "safe mode" expert)
> I believe safe mode is not only a "bad idea" it can actually lead to unsafe
> scripts.
>
> Jamie

It's an idea, but too many people implemented it improperly.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================