OpaQue

Open_basedir And E-accelerator To Be Activated Faster and Secured Hosting.


Xisto - Web Hosting will be activating open_basedir permissions on all its servers. Previously, we had it active on only a few select servers; however, to make our hosting environment secure, we have now decided to activate it throughout our cluster.

 

Some of you might be wondering, What is open_basedir protection exactly?

Open_basedir limits the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

 

If you try to open a file using your PHP program, you can open files only in PRESENT directory where your PHP program is OR sub-directories. So, suppose your php program is at :-

 

/www/mysite/myPhpProgram.php

You can open files and work with them using PHP in these locations:-

 

user1/www/mysite/ -> present folder

user1/www/mysite/subsite/ -> sub-folder

user1/www/mysite/subsite/subsubdir/ -> sub-sub-folder

You cannot open files in these locations :-

 

/www/ -> parent folder not allowed

/user2/www/HISsite/ -> other user folder not allowed, even if it has 777 permission --> [CASE-A]

Consider CASE-A.

 

With open_basedir Protection ON:

 

You being the programmer are not allowed to VIEW "user2's" file. You are given an error in PHP saying, open_basedir protection enabled.

 

If you are user2 here with folder "HISsite" (permission 777), you are kept safe, because someone could have accessed your folder "HISsite" and tampered with its contents, created files, folders, modified your content etc.

With open_basedir Protection OFF:

 

With Protection OFF, anyone can access ANY of your folders and files with permission 777. This permission is usually given to PHP config files and to folders where user content is uploaded by your program, like "uploads", "cache" etc.

 

A simple fopen and fwrite function can be used to Inject Code or data into your files. And much more can be done to abuse this power.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir .

 

The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

What if my PHP files are already using/including files from parent folder?

Good Question. The answer is, They will fail.

You will have to upgrade your script to better versions.

 

But open_basedir is not something new and all PHP developers know about it. So, the number of programs failing should be very small.

Still, I am one of those rare cases? Now what ??

Don't worry, Contact us at https://support.xisto.com/.

Select the Right Dept. and Send us a support ticket.

 

We will take care of your situation. (Applicable to Paid Web Hosting Members only.)

Okay, thanks Shree for explaining open_basedir, Now I know what open_basedir is,

so what is eAccelerator all about?

eAccelerator is a PHP accelerator derived from the MMCache extension for the PHP programming language. eAccelerator provides a bytecode cache and encoder. eAccelerator is open source and thereby free to use and distribute.

 

Every time a PHP script is accessed, PHP usually parses and compiles scripts to bytecode. Once installed, eAccelerator optimizes the compiled bytecode and caches this to shared memory or disk. Upon subsequent accesses to a script, eAccelerator will access cached bytecode if it is available instead of the script being compiled. This avoids the performance overhead of repeated parsing and compilation.

 

eAccelerator also provides functions for use in PHP scripts that allow access to shared memory, automatic web (content) caching, and other related tasks.

and... How does this eAccelerator affect me?

Simple. If you log on to your PHP forums/gallery or other application and say, "WHOA! That was FAST!", you can give the credit to eAccelerator! :-)

I hope you appreciate and support our decisions. We thank you again for choosing Xisto - Web Hosting as your hosting provider. :-)

 

Regards,

 

Shree

Xisto Corporation

 

NEWS ARTICLE: https://support.xisto.com/index.php?_m=np;group=default

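The restriction described in the announcement above, as an added example that is not part of the original post or Xisto's server configuration. It rebuilds the post's user1/user2 layout under the temp directory, sets open_basedir to the "mysite" tree at runtime, and reports which reads and writes PHP still permits, including a symlink that points out of the tree. It assumes a Unix-like host and the PHP command line; all directory and file names are constructed for the demonstration.

```php
<?php
// Added example. All paths are constructed under the system temp directory;
// the user1/user2 names mirror the post's layout and are not real accounts.
$root  = realpath(sys_get_temp_dir()) . '/obd_demo_' . getmypid();
$mine  = "$root/user1/www/mysite";    // our site: the allowed tree
$other = "$root/user2/www/HISsite";   // another user's world-writable folder

mkdir("$mine/subsite", 0755, true);
mkdir($other, 0755, true);
chmod($other, 0777);
file_put_contents("$mine/subsite/page.txt", "my content\n");
file_put_contents("$root/user1/www/parent.txt", "parent folder file\n");
file_put_contents("$other/config.php", "<?php // user2 settings\n");
chmod("$other/config.php", 0666);
symlink("$other/config.php", "$mine/link-to-user2"); // link placed inside our tree

// From here on, PHP file functions may only touch $mine and below.
// Every file above was created by this same OS user, so Unix permissions
// alone would allow all of the accesses attempted below.
if (ini_set('open_basedir', $mine) === false) {
    exit("could not set open_basedir\n");
}

function try_read(string $path): string
{
    return @file_get_contents($path) === false ? 'DENIED' : 'allowed';
}

function try_append(string $path): string
{
    $fh = @fopen($path, 'a');
    if ($fh === false) {
        return 'DENIED';
    }
    fwrite($fh, "appended line\n");
    fclose($fh);
    return 'allowed';
}

$checks = [
    'read   file in own sub-folder'   => try_read("$mine/subsite/page.txt"),
    'append file in own sub-folder'   => try_append("$mine/subsite/page.txt"),
    'read   file in parent folder'    => try_read("$root/user1/www/parent.txt"),
    'read   user2 file (mode 666)'    => try_read("$other/config.php"),
    'append user2 file (CASE-A)'      => try_append("$other/config.php"),
    'read   symlink to user2 file'    => try_read("$mine/link-to-user2"),
];
foreach ($checks as $what => $result) {
    printf("%-32s %s\n", $what, $result);
}
// Remove $root by hand afterwards: the script can no longer reach user2's folder.
```

Removing the `@` operators shows the warning PHP raises for each refused path. On a shared host the value is normally set per account in the server configuration rather than by the script itself.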

Is it just on Xisto - Web Hosting or Xisto too? eAccelerator sounds nice, hopefully I can say "Thanks Shree, WOAH logging into Joomla was fast!" LOL

Although I'm not sure about open_basedir, I'm not the one for PHP, still learning PHP and all, except using Joomla I gather I'll be fine, and when I get my MyBB forum up I assume it'll be fine too! Except by the time I get the forum up I don't know if I'll still be here, looking into hosting from a certain company!

Anyway, as long as open_basedir doesn't affect me at all, nice move ;)

Sounds like a great move! I do have to say that I think it has made my site faster, thanks! Just a question, has e-accelerator been installed on the forums also, or just on the hosting servers?


I'm a little worried about open_basedir ... however, I definitely welcome eAccelerator. It should make PHP files a lot faster.

As for how it is rolling out, from what I understand, he is rolling it out to all servers on the Xisto network.

xboxrulz

I'm excited about the changes. eAccelerator will make page loads faster and more efficient, and open_basedir will limit the accidental damage caused by a badly written PHP script (and I've written a few of those...LOL)
