Issue Configuring server-wide security policy. PHP Version and Handler

[Daniel West]

I'm getting an alert when I set my PHP version of PHP handler.
"There are settings that conflict with the server-wide security policy. Are you sure you want to continue?"

I can continue, but I'd like to adjust the server-wide policy to allow any PHP version that is installed - additionally the handler types show up as a problem.

This is my site_isolation_settings.ini

;; The section describes allowed hosting options

[hosting]
php = any
php_handler_type = fastcgi
;python = off
;perl = off
;fastcgi = any
;miva = off
;ssi = any
;ssl = any
;shell = /usr/local/psa/bin/chrootsh
;asp = any
;php_safe_mode = on
;coldfusion = off

I've also attach a screenshot of the error, my settings that are causing this warning to show.

My permissions are set so "Setup of potentially insecure web scripting options that override provider's policy" is Off.

Is this a bug or am I missing something? Thanks in advance.

 

[IgorG]

https://talk.plesk.com/threads/the-following-settings-conflict-with-the-policy-php-version.336453/

 

[Daniel West]

Thanks IgorG. What is it that makes that version of PHP insecure? By change the option "Setup of potentially insecure web scripting options that override provider's policy" to On dies that simply mean the user themselves will be able to select any option that I've permitted in the site_isolation_settings.ini or does it give them permissions that they really shouldn't have?

Also, I imagine the warning is there for a reason - what is it about the later versions of PHP that make them potentially insecure?

Sorry for all the additional questions - I'd just like to try and understand these security messages as fully as possible instead of simply changing an option without knowing if there are any other negative effects.

 

[Pnia]

any update about this?