1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk 8.0 FC4 PHP5 and APP VAULT.

Discussion in 'Plesk for Linux - 8.x and Older' started by robstarox, Jul 11, 2006.

  1. robstarox

    robstarox Guest

    0
     
    It appears that many of the applications in app vault dont function due to php 5.

    Is anyone else experiencing these problems?
     
  2. robstarox

    robstarox Guest

    0
     
  3. jwdick

    jwdick Guest

    0
     
    Followed the thread above and was able to get all of the app vaults programs to work:

    Basicly just edit the info.xml file of the app that does not install:

    /usr/local/psa/var/cgitory/$appname$/info
    *info.xml*
    <APACHE_VHOST name="PHP" value="on" />
    <DATABASE type="mysql" name="" username="" passwd="" host="localhost" />
    <VERSION name="PHP" value="4.1.0" rel="ge" />
     
  4. robstarox

    robstarox Guest

    0
     
    OS commerce fix

    Theres a few thigns you need to do

    First is to modify /etc/php.ini.

    PHP.INI CHANGES:
    register_globals = On
    register_long_arrays = On

    Then modify some of the osCommerce php files... follow the instructinons below

    http://www.oscommerce.com/community/bugs,2675/status,open
     
  5. robstarox

    robstarox Guest

    0
     
  6. Linulex

    Linulex Regular Pleskian

    33
    80%
    Joined:
    Aug 4, 2001
    Messages:
    425
    Likes Received:
    60
    This poll has 2 correct answers imo:

    - php 5 is the problem
    - the administrator is the problem

    php5 is the problem:
    A lot of the scripts in the app vault dont officialy support php5 yet. You need to look up the website, the FAQ, whatever ... of each app to see if it supports php5. If the creators of an app didnt state there app is php5 ready then it probably isnt yet.

    the administrator is the problem:
    If your interested in security, the app vault is a very big NONO.
    Its great for users but lets face it, only those that dont have a clue how to install a script manualy use it.

    an expample
    plesk 8 has phpbb 2.0.19
    On the phpbb site i can read: current version = 2.0.21
    both .20 and .21 have security fixes

    So by using the app vault you have by default loads of unsecure scripts on your server that NEVER can or will be updated.

    One of the jobs of the administrator is keeping the servers safe, handing users the tools to make them unsafe is not a good security policy imho.

    regards
    Jan
     
  7. jwdick

    jwdick Guest

    0
     
    A very good point and well taken. Even I, as the administrator, do not install applications from the application vault.

    So do you just not let users (customers) install the scripts if they don't know how or do you do it for them?
     
  8. Linulex

    Linulex Regular Pleskian

    33
    80%
    Joined:
    Aug 4, 2001
    Messages:
    425
    Likes Received:
    60
    Most of our users know how to install scripts on there own. If someone doesnt know how to do it and soesnt know anyone who can do it for them, we can install it for them for a small fee.

    Its just like a car: or you know how to drive and take your own car or get a ride from a friend, or you take a taxi and pay the driver for his/her time.

    For safe mode on our hosting servers we have very stricked procedures:
    - it only is turned off on a per domain base
    - it never goes off for encrypted scripts

    and the user has to agree with these conditions:
    - keep the script save at any times, promptly install any security updates.
    - when a server should get hacked due to an unsafe script the user pays all costs.

    These rules may sound (to) harsh but the result is that we never had a server hacked in over 7 years and not 1 minute downtime due to these issues.

    regards
    Jan
     
  9. jwdick

    jwdick Guest

    0
     
    Sounds like a good set of rules to me.

    I have never liked offering the Appl. Vault because of the security limitations that you mentioned.

    Thanks for the advice.

    Best Regards,
     
Loading...