On Oct 25, 2004, at 11:55 PM, Markus Klaus Schäffauer wrote:
thank you for your clear answer (see above)... We
asked our service
provider and he told us to change to another server with an open
mod_php, but telling us that this one has an serious security hole.
Do you see any other solution to our problem? Will there come up a fix
to enable the functionality of thumb generation in another way?
There is support for using PHP's GD library interface to generate
thumbnails, but a) it doesn't work as well, producing lower quality
images and b) if it were available the installer should have selected
it instead of ImageMagick.
You might double-check in case the installer was mistaken or you edited
the LocalSettings.php file by hand; try setting $wgUseImageMagick =
false; and it will try to use the GD library functions instead.
I can not understand that a software like Mediawiki
depends on
functions that are disabled for security reasons. May there be a way
to tell it to the provider that he can enable the functions without
producing a security hole?
Often mass hosting providers disable things like this because their
setups are inherently insecure, with many users' accounts running under
the same privileges on an unpartitioned server. A secure multi-user
hosting solution would include separate virtual servers for each user
account (chroot or jail partitions, usually) such that no user's
programs could affects any other user's files. Instead, they will
sometimes just disable large swaths of functionality so make it harder
to do anything: if you can't modify files or run external programs it's
hard to make trouble.
-- brion vibber (brion @
pobox.com)