PHP safe mode ... what will it break?

[pasi]

Hi all...

I crafted a zencart store for a customer on my own developement server... when ready with the layout and settings, I installed zencart on the customers server only to notice that it has safe mode on!

The hosting company has been asked to but safe mode off, but they refuse by saying it would lead to security issues!

the problem is, that the customer doesn't want to change hosting company (not my place to argue) and does not want to get another hosting plan from somewhere else just for the shop...

...so I installed the zen cart, replaced the files I had edited and replaced the freshly installed database by the one from my dev. server... everything seems to be fine and everything seems to work...

So the question is...

What exactly does safe mode break!?
Will it actually affect the shops behaviour somehow?

[pasi]

Anyone?

This is quite urgent!

[DrByte]

Among other things, Safe Mode may prevent the ability to use tools such as currency rate updates, database backups using the mysql-backup-plugin, timer-extensions on pages that are expected to take a long time to process, and in some cases the ability to upload product images. It may also cause unexpected and unpredictable error messages anywhere during the customers' shopping experience.

Zen Cart is not designed to run on servers running PHP in safe mode. It is not regularly tested for safe-mode support, and there are no plans to aggressively handle such configuration. It is prudent to host your ecommerce business on a trustworthy, well-configured, non-overloaded server.

In my observation, running a server in safe mode is only needed if the host doesn't have a good handle on security precautions and configurations, and/or has a lot of unscrupulous customers who leave their sites/accounts vulnerable to intrusion, causing the server to be open to hack attacks. The host has most likely been victim to several serious hack attempts and is now operating paranoid instead of efficiently. To run an ecommerce business on a server having those risks on it is not particularly wise. Most free-hosting accounts are served from servers running in php safe mode due to these same inherent risks in unmonitored and possibly questionable accountholders (and even just newbies who know little or nothing about websites and are just starting out but have a learning curve ahead), leaving security loopholes open in abundance.

All you can do is let your customer know of the risks and let them make their decision. Hopefully they will research further and understand the benefit of finding a host that doesn't *need* to run their server in safe mode.

[pasi]

It is kind of funny, that the hosting package is quite expensive (for Finnish one atleast) and the company has otherwise good reputation...

must be that they have incompetent system administrators who are unable to configure the server right!

Thanks for the information, I will relay it to my customer and see what they think.