Add to Favorites
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Hardware and Server Configuration > php.ini security
forgot password?


Reply
 
LinkBack Thread Tools


Old
  Post #1 (permalink)   11-06-2004, 12:08 PM
HD Newbie
 
Join Date: Nov 2004
Posts: 1

Status: OdorCide is offline
Hello, hope I put this in the right forum. I'm having some trouble with my hosting company. I'm trying to finnish up my install of php gallery. I'm unable to upload videos bigger then 2MB, looks like the php.ini file has to be edited. Here is the original text of our conversation.

Quote:
Hey Tom, seem to have some problems with my Gallery install. I'm unable to upload videos/files over 2mb. Seems I have to change some settings in the php.ini file.

I saw that the config file is located here usr/local/lib/php.ini

Could you please let me know if I have access to change it and if not could you make the needed changes for me?

Here is the needed changes

Code:
Edit your PHP.INI file on the server
      PHP.INI: MAX_EXECUTION_TIME = 2400 (in seconds)
      PHP.INI: MEMORY_LIMIT = 128M
      PHP.INI: POST_MAX_SIZE = 128M
      PHP.INI: UPLOAD_MAX_FILESIZE = 128M
Link to original fix,
http://marc.theaimsgroup.com/?l=gall...9601604892&w=2

Thanks

--------------------------------------------------------------------------

No, you dont have access to these, nobody but myself does. It will not be changed because of a security issue.

Having the ability to upload a file larger then 2MB, expecially in a global environment could have a devestating effect on the server.
Is that right? Does having the ability to upload files larger then 2MB really a security issue? I mean I can upload a 500MB video via FTP just fine

If this isn't correct can anyone point me to some data that I can show to my host to allow me to do this? Thanks in advance.

Cheers,
Justin
 
 
 


Old
  Post #2 (permalink)   11-06-2004, 10:38 PM
HD Community Advisor
 
ANMMark's Avatar
 
Join Date: Sep 2004
Location: Pennsylvania
Posts: 1,580

Status: ANMMark is offline
I really don't know of any hard security risk for this. This is generally a host's option, and they have the final say of course.

2M is the default recommended php.ini setting, for upload_max_filesize

The thing is however, tha allowing users to upload files via php, in and of itself poses a security risk, as php variables can be manipulated.

In any case, if you must increase the size of upload_max_filesize, why not simply install your own copy of PHP within your own account?

If you want to try that, and have SSH access, let me know, and I'll walk you through it.
__________________
Mark - Co-President/Lead Developer
avidInteractive Software
The ServeraSuite 2007 Award Winning Professional Server Monitoring Solution - Click here
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




Contact Us | HostingDiscussion.com | Advertising (with spam verification) | Archive

© 2000-2008 HostingDiscussion.com. All right reserved.
Web Hosting by Micfo.com
All times are GMT -6. The time now is 06:52 PM.
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0