Suhosin : Exclude a domain from disabled functions

July 8, 2009 on 9:09 am | In PHP | 1 Comment

when you use use “suhosin.executor.func.blacklist”, in php.ini it will disable those functions to entire domains in the server.

However, you can exclude domains from that restriction by using the appropriate entry in the apache configuration.

If in php.ini you have added suhosin.executor.func.blacklist = “exec,passthru,shell_exec” and all the functions that you want to disable globally.

Find the corresponding domain’s Virtual Host entry for which you want to exclude from /usr/local/apache/conf/httpd.conf suhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.

<VirtualHost 78.45.23.1:80>
………..
………..
<IfModule mod_php4.c>
php_admin_value open_basedir “/usr/lib/php”
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir “/usr/lib/php”
php_admin_value suhosin.executor.func.blacklist = “passthru,shell_exec”
</IfModule>
…….
……
</VirtualHost>

In this example exec has been enabled for the VirtualHost.

Thats all

How to install ASP.NET with Mysql in Linux server (cPanel)

July 2, 2009 on 8:57 am | In ASP.NET, Apache, Cpanel | 2 Comments

You should enable mod_mono in easyapache to enable ASP.NET. However, for using Mysql database with ASP.NET, you need to download and install a connector from Mysql site.
The one you need is Windows Binaries, no installer (ZIP).

Installation

cd /usr/local/src/
mkdir asp-connector
cd asp-connector
wget Windows Binaries, no installer (ZIP)
/opt/mono/bin/gacutil -i  /usr/local/src/asp-connector/bin/MySql.Data.dll

Most of you forget the next step and the Mysql connector won’t work.

cd /opt/mono/lib/mono/gac/MySql.Data
cd 5.2.3.0__xxxxxxxxxx/
chmod 755 MySql.Data.dll

Restart Apache

/etc/rc.d/init.d/httpd restart

Now you should be able to connect to mysql using .aspx scripts

Here is a custom script to check the working.
First Create a mysql database first (using command line)

$ mysql -u root -p

mysql> CREATE DATABASE asptest;
Query OK, 1 row affected (0.10 sec)

mysql> USE asptest;
Database changed

mysql> CREATE TABLE testtable ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) );
Query OK, 0 rows affected (0.09 sec)

mysql> INSERT INTO testtable VALUES(null,'Fame');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO testtable VALUES(null,'Clean');
Query OK, 1 row affected (0.00 sec)

mysql> SELECT * FROM testtable;
+----+----------+
| id | name |
+----+----------+
| 1 | Fame |
| 2 | Clean |
+----+----------+
2 rows in set (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON asptest.* TO asptest@localhost IDENTIFIED BY 'nogesspassword';
Query OK, 0 rows affected (0.12 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.13 sec)

Lets go to the script
Here is it. It will display the contents of the database.

First, create a file called test.aspx in your web directory
Add this code and save it.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="MySql.Data.MySqlClient" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <title>ASP test</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <script runat="server">
    private void Page_Load(Object sender, EventArgs e)
    {
       string connectionString = "Server=localhost;Database=asptest;User ID=asptest;Password=nogesspassword;Pooling=false;";
       MySqlConnection dbcon = new MySqlConnection(connectionString);
       dbcon.Open();

       MySqlDataAdapter adapter = new MySqlDataAdapter("SELECT * FROM testtable", dbcon);
       DataSet ds = new DataSet();
       adapter.Fill(ds, "result");

       dbcon.Close();
       dbcon = null;

       ArtistsControl.DataSource = ds.Tables["result"];
       ArtistsControl.DataBind();
    }
    </script>

  </head>

  <body>
    <h1>Artists</h1>
    <asp:DataGrid runat="server" id="ArtistsControl" />
  </body>

</html>

Finally, you need a web.config file, in the same web directory where test.aspx . It should contain the following to enable the MySQL libraries to be loaded:

Add the following to web.config

<configuration>
<system.web>
<compilation>
<assemblies>
<add assembly="MySql.Data"/>
</assemblies>
</compilation>
<customErrors mode="Off"/>
</system.web>
</configuration>

Now try accessing the file test.aspx using http://domainname.com/test.aspx

If you need any help, please let me know.