php.ini security

O

OdorCide

New member
Hello, hope I put this in the right forum. I'm having some trouble with my hosting company. I'm trying to finnish up my install of php gallery. I'm unable to upload videos bigger then 2MB, looks like the php.ini file has to be edited. Here is the original text of our conversation.

Hey Tom, seem to have some problems with my Gallery install. I'm unable to upload videos/files over 2mb. Seems I have to change some settings in the php.ini file.

I saw that the config file is located here usr/local/lib/php.ini

Could you please let me know if I have access to change it and if not could you make the needed changes for me?

Here is the needed changes

Code: 
Edit your PHP.INI file on the server
      PHP.INI: MAX_EXECUTION_TIME = 2400 (in seconds)
      PHP.INI: MEMORY_LIMIT = 128M
      PHP.INI: POST_MAX_SIZE = 128M
      PHP.INI: UPLOAD_MAX_FILESIZE = 128M

Link to original fix,
http://marc.theaimsgroup.com/?l=gallery-users&m=102589601604892&w=2

Thanks

--------------------------------------------------------------------------

No, you dont have access to these, nobody but myself does. It will not be changed because of a security issue.

Having the ability to upload a file larger then 2MB, expecially in a global environment could have a devestating effect on the server.
Click to expand...

Is that right? Does having the ability to upload files larger then 2MB really a security issue? I mean I can upload a 500MB video via FTP just fine :dknow:

If this isn't correct can anyone point me to some data that I can show to my host to allow me to do this? Thanks in advance.

Cheers,
Justin
 
I really don't know of any hard security risk for this. This is generally a host's option, and they have the final say of course.

2M is the default recommended php.ini setting, for upload_max_filesize

The thing is however, tha allowing users to upload files via php, in and of itself poses a security risk, as php variables can be manipulated.

In any case, if you must increase the size of upload_max_filesize, why not simply install your own copy of PHP within your own account?

If you want to try that, and have SSH access, let me know, and I'll walk you through it.
 
You must log in or register to reply here.

Supporters

Back
Top