¿Por qué no usamos exec() en php para hacer algo?

As we all know,php has some functions like exec(),system() etc.

I use it to open some program like openvpn.

I also can get the all dir's size by du -skh by replace some recursion functions.

but,the exec() in most cases is disabled default.

So I want to know why?

Because of what security issues or other reasons?

preguntado el 25 de abril de 13 a las 06:04

yes,I get the answer from php man,but I need want to know why?For example? -

To know why, just build a website with them and wait for something to happen and when it happens, you'll know why -

2 Respuestas

Typically these functions are disabled in shared hosting environments on which giving shell access to a user could lead to security issues. You don't want another guy sharing your server to be able to mess with your files.

Respondido 25 Abr '13, 06:04

Thanks,this is indeed a problem.If I used it in a server which for running lnmp,may I used it some place? - yifanes

PHP has a lot of functions which can be used to crack your server if not used properly. You can set list of functions in php.ini using disable_functions directive. This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini For example, this are the list

exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,
parse_ini_file,show_source

Respondido 25 Abr '13, 06:04

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.