Hi

Here is an article I found,that may be usefult to many of us.

PHP Security Threats (http://www.developer.com/lang/article.php/918141)

Amresh

That's a nice article. Good find :thumb:

A few other points too. Since that article was written the register globals setting in the php.ini file has been disabled by default. You would have to be a complete nutter to turn it on or to write your scripts assuming that it is turned on. There are also a few other things which you should take into consideration when writing script, especially if they are intended for use in a public domain:

As well as running PHP in safe mode, ensure that the interpreter itself or the web server process running the PHP interpreter is not a root or Admin user who has full access to the system.
Turn off the display of errors by setting the display_errors directive to off and redirect any errors to a log file. This is explained here (http://www.php.net/manual/en/ref.errorfunc.php).


I have added a link to this thread to the PHP FAQ :) - Thanks