Setting certain environment variables may be a potential security breach. The safe_mode_allowed_env_vars directive contains a comma-delimited list of prefixes. In Safe Mode, the user may only alter environment variables whose names begin with the prefixes supplied by this directive. By default, users will only be able to set environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). Note: if this directive is empty, PHP will let the user modify ANY environment variable!
The safe_mode_protected_env_vars directive contains a comma-delimited list of environment variables, that the end user won't be able to change using putenv(). These variables will be protected even if safe_mode_allowed_env_vars is set to allow to change them.
因为使用PHP设置环境变量存在隐藏的安全隐患。
safe_mode_protected_env_vars受保护的环境变量列表会限制你更改环境变量,防止你的Hacking Attempt。
IP卡
狗仔卡
发表于 2005-12-6 11:08:49
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2005-12-7 09:39:03