php plesk php-safe-mode

PHP safe_mode default value in PLESK 8.4 is ON. WHY?


I am wondering why the default value of the PHP safe_mode is ON in PLESK. I suspect it is a security issue, but how exactly is this useful?

P.S. As an inexperienced web developer I spent some hours wondering why the .php files were downloaded instead of run on my server. The reason was that this PHP default safe_mode was ON, and I found the solution by just making random reasonable-looking changes to the settings of the Plesk control panel. By asking this question I want to find consolation for the frustrating time I lost on this ridiculous problem. For me, not running .php files by default and not explicitly explaining why they don't work is just dumb.


Solution

  • The problem you have with your files being displayed instead of executed is independent of the setting for safe_mode.

    safe_mode is crucial to ensure that your scripts can't perform potentially unsafe operations that might allow a hacker to break into your server.

    It sounds like you've managed to randomly change the setting that actually links .php files to mod_perl so that they run correctly, but if you don't know what you're doing you really should turn safe_mode back on.

    Also, as a general rule of thumb when debugging problems: only change one thing at a time and then test between each change. This will help eliminate spurious assumptions about which change actually fixed the problem...