Jump to content

Dangerous PHP Functions

  1. Dangerous PHP Functions Enabled

    Some functions are enabled on your server which have the potential to cause serious damage to your community or server. If you are in a shared hosting environment, some of these functions may bypass the restrictions which prevent one account on the server affecting another. Their presence also increases the amount of damage that could be caused if your AdminCP is compromised.
    Since Invision Community, and most other web applications do not use these functions, we recommend disabling them on your server, at least within the directory that your community is installed in. You should contact your hosting provider or system administrator and ask them to be added to the disable_functions PHP setting.
    exec system passthru popen proc_open shell_exec

    This warning in your ACP is a strong recommendation as these functions can be dangerous but our software can run without issue with them enabled. This is merely a recommendation to strengthen the security of your server as our software (and others) does not utilize these dangerous functions (as mentioned in the warning). If you are on a shared server, you may not have complete control over the server as indicated by your hosting provider. This would be something you would want to research if you want the capability to better secure your server or stick with your provider.
  • Create New...