(08-21-2014, 09:41 AM)Me.B Wrote: This is again bad for security. AS if any hacker able to access php.ini he will be able to change it a then unlock openbase DIR!
Custom php.ini like in cpanel rely on another lock down using for each user locking to home directory while zpanel/sentora use ONE apache user for ALL WEBSITES.
It won't be secure unless you change ALL the way how apache is implemented and permission unless you want to feel the bite.
M B
@me.b
From the test run setting the php.ini in the vhost and also setting the php_values the values trumpted the .ini.
Unless I am doing something wrong...(more than possible!!!) then I believe that the openbasedirs would still be set by the vhost entries not the php.ini
If I am wrong and security is compromised by this well then as you said I shall have to have go from ground up and fiddle with apache.
