> I don't think it's the best choice. Disable this is not a good idea > for security reasons.
I disagree. A correctly configured php interpreter (meaning: doc_root = "/var/www" user_dir = "public_html" in /etc/php4/cgi/php.ini) will perform the same check -- in the sensible way: The script is executed if it is found in $DOCUMENT_ROOT or in $HOME/$user_dir, whereas suphp insists on having the script in $DOCUMENT_ROOT. Therefore, the added check in the suphp executable only stops UserDir from working, but doesn't add any security since php already checks the location of the script. I'm in favor of recompiling suphp with --disable-checkpath -- in fact, that's what I did on my system. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
