On Oct 25, 2004, at 11:55 PM, Markus Klaus Schäffauer wrote:
thank you for your clear answer (see above)... We asked our service provider and he told us to change to another server with an open mod_php, but telling us that this one has an serious security hole.
Do you see any other solution to our problem? Will there come up a fix to enable the functionality of thumb generation in another way?
There is support for using PHP's GD library interface to generate thumbnails, but a) it doesn't work as well, producing lower quality images and b) if it were available the installer should have selected it instead of ImageMagick.
You might double-check in case the installer was mistaken or you edited the LocalSettings.php file by hand; try setting $wgUseImageMagick = false; and it will try to use the GD library functions instead.
I can not understand that a software like Mediawiki depends on functions that are disabled for security reasons. May there be a way to tell it to the provider that he can enable the functions without producing a security hole?
Often mass hosting providers disable things like this because their setups are inherently insecure, with many users' accounts running under the same privileges on an unpartitioned server. A secure multi-user hosting solution would include separate virtual servers for each user account (chroot or jail partitions, usually) such that no user's programs could affects any other user's files. Instead, they will sometimes just disable large swaths of functionality so make it harder to do anything: if you can't modify files or run external programs it's hard to make trouble.
-- brion vibber (brion @ pobox.com)