Consortium News
Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information

open_basedir

Test Description

Checks if the open_basedir setting is enabled.

Security Implications

open_basedir limits the PHP process from accessing files outside of specifically designated directories.

Remember this setting will only affect PHP scripts. Applications written in other languages (Perl, Python, Ruby, etc.) will not be affected.

Recommendations

Set open_basedir to only allow access to required portions of the filesystem, like your web site's documents and any shared libraries.

You can set open_basedir in the php.ini file:

; Set open_basedir to the 
open_basedir = "/var/www/foo.bar/:/usr/local/php/"

The setting can also be applied in apache's httpd.conf file, or an .htaccess file:

# Set open_basedir to a safe location
php_value    open_basedir    /var/www/foo.bar/:/usr/local/php/

More Information

« Test information index

Get PhpSecInfo