NetHosted Community

I would like to be able to run the mailing list app PHPList, but I read that it needs PHP to be running with safe mode off if it is to work properly. Do you allow that? I believe the same issue applies to some PHP apps too.

Hi,

Thanks for your interest in NetHosted. I can confirm safe_mode is off, and that we have PHPList available to install via Fantastico, so you can get it up and running with just a few clicks of your mouse.

Hope that helps,

Andrew

_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Earn £30 every time you refer someone to us!
| Follow us on Twitter:
| Members, tell us what of NetHosted!

Thanks, that sounds very promising. Just out of interest though, I read that most shared host providers do not allow PHP to be run with safe mode off because of security issues. Now I'm not trying to catch you out here, but it would be interesting to hear your view on that. Perhaps you have other measures in place to avoid the alleged security risk?

Hi,

Safe mode has inherent side effects, the benefits it offers are outweighed by these we've found in our experience.

Thanks,

Andrew

_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Earn £30 every time you refer someone to us!
| Follow us on Twitter:
| Members, tell us what of NetHosted!

Could you be a bit more specific about the side effects (of having safe mode ON) and the benefits (of having safe mode OFF), with particular reference to security. Off course it is great that PHPList can run properly with safe mode off, but if that means my subscriber database is liable to be exposed to hackers or that hackers could spam my subscribers then I would be concerned.

There is no need, we can enable safe mode for your account if you are concerned

How many people are on the list? A large list could be a problem you see. If the volume of emails sent is too high your account might not be suitable to be hosted in a shared environment.

Andrew

_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Earn £30 every time you refer someone to us!
| Follow us on Twitter:
| Members, tell us what of NetHosted!

It's my understanding that safe mode primarily prevents people from being able to access files they might not be supposed to using PHP (which in a lot of cases is useless, since they can do it with another language anyway). It causes an awful lot of hassle having to CHMOD 2777 things and in a lot of cases that will make sites a lot more at risk to outside attackers.

If I recall, PHP6 will remove Safe Mode anyway (as well as register_globals) -- it's not a great loss.

Mike

_________________
"I have made this letter long, only because I lacked the time to make it short." - Blaise Pascal 1657

As is mentioned in Hollywood movies all the time: nothing is completely secure.

You don't often hear of any problems though. The point is more that if someone knew how to access your files through PHP with safe mode off, having safe mode turned on wouldn't stop them anyway (they would know enough that they don't need PHP to do it).

It's not the only method of security in any case. I've never actually tried, but I should imagine that if I were to put a PHP app on my account on Pluto right now, and tell it to delete all the files on someone elses account, it wouldn't work (heck, I'd be surprised if it would even work on my own account without first setting some permissions, even with safe mode off).

I think the general concencus is that no data on any type of server, save perhaps a completely cut-off-from-the-outside-server-simply-for-internal-use, is ever entirely secure. That's why we encrypt sensative data.

Mike

_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Earn £30 every time you refer someone to us!
| Follow us on Twitter:
| Members, tell us what of NetHosted!

_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Earn £30 every time you refer someone to us!
| Follow us on Twitter:
| Members, tell us what of NetHosted!