人们应该何时或出于什么原因打开/关闭 PHP 安全模式? [英] When or for what Reasons should folks turn PHP Safemode ON/OFF?
问题描述
关于PHP安全模式的问题:
默认情况下,它在 PLESK 共享主机帐户环境中打开:虽然在我的网站上似乎工作正常,但也许关闭时它会工作得更快/更好?我不太明白下面的文字,尤其是PHP的解释:
Question about PHP safe-mode:
By default it is switched on in PLESK shared-hosting account environment:
While on my site seems to work fine, but maybe it will work faster/better when off?
I dont understand the below text very well, especially PHP's explanation:
PLESK:
默认情况下,PHP 配置为在具有功能限制的安全模式下运行.启用安全模式时,某些 Web 应用程序可能无法正常运行:如果站点上的应用程序因安全模式而失败,请关闭安全模式
By default, PHP is configured to operate in safe mode with functional restrictions. Some web applications may not work properly with safe mode enabled: If an application on a site fails due to safe mode, switch the safe mode off
PHP.net:
自 PHP 5.3.0 起,此功能已被弃用.非常不鼓励依赖此功能.PHP 安全模式是解决共享服务器安全问题的一种尝试.尝试在 PHP 级别解决此问题在架构上是错误的,但由于 Web 服务器和操作系统级别的替代方案不是很现实,因此许多人,尤其是 ISP 的人,现在使用安全模式.
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged. The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.
问题 1:人们应该何时/出于什么原因开启安全模式?
问题 2:人们何时/出于什么原因应该关闭安全模式?
Question1: When/for what reasons should folks turn Safemode ON?
Question2: When/for what reasons should folks keep Safemode OFF?
推荐答案
将其关闭.始终保持关闭.
Turn it off. Always leave it off.
它的设计是为了让 PHP 安全在大量主机上使用,并让主机锁定"PHP.
It was designed way back when as a way to make PHP safe to use on mass hosts, and let the hosts "lock down" PHP.
但随着时间的推移,人们意识到这并没有真正奏效,无论如何也没有真正解决问题.有更好的系统级方法来保护服务器.因此,PHP 将在下一个主要版本中删除该功能并弃用.
But over time, it was realized that this didn't really work, and didn't really solve the problem anyway. There are better system-level ways of securing servers. So PHP is removing the functionality in the next major version and has it deprecated.
所以直接回答你的问题:
So to directly answer your questions:
人们应该什么时候打开它:
从来没有.它并没有真正起作用,而且它限制了您以理智的方式使用 PHP 可以做的事情,所以不要打开它.
Never. It doesn't really work, and it limits what you can do with PHP in a sane way, so just don't turn it on.
人们什么时候应该远离它:
总是.它真的不起作用,所以没有必要打开它......
Always. It doesn't really work, so there's no point to turning it on...
无论如何那是我的 0.02 美元...
That's my $0.02 anyway...
一些参考资料
你可以对服务器做的一切,你可以在安全模式下做,包括:无论如何都可以写入网络服务器.那么重点是什么?
Everything you can do to a server, you can do with Safe Mode on, including: It's possible to write to the webserver anyway. So what's the point?
Edit2:关于速度:
速度差异充其量只是微不足道的.这只不过是一个微观优化.与担心诸如此类的特定配置选项相比,通过编写好代码,您将获得更大的收益.完全不用担心速度差异.正确构建您的应用程序,然后再担心速度.更不用说前端 Web 服务器(Apache、IIS、Lighttpd、NginX 等)和 SAPI(mod_php、CGI、FastCGI 等)的选择将比 safe_mode 产生更大的差异......
The speed difference is likely to be trivial at best. It's no more than a micro-optimization. You're going to get a far bigger gain by writing your code well than worrying about a specific configuration option such as this. Don't worry about the speed difference at all. Build your application properly, and worry about speed later. Not to mention that the choice of front end web server (Apache, IIS, Lighttpd, NginX, etc) and SAPI (mod_php, CGI, FastCGI, etc) will make a far bigger difference than safe_mode ever can...
这篇关于人们应该何时或出于什么原因打开/关闭 PHP 安全模式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
