Sep 28th, 2005, 02:38 AM
PHP Security Issues
Here is an article I found,that may be usefult to many of us.
PHP Security Threats
Jobs: "Do u want to sell colored sugar water or change the world?"
Get Firefox Now!!!
Mendhak leaving town.
Sep 28th, 2005, 11:57 AM
Re: PHP Security Issues
That's a nice article. Good find
A few other points too. Since that article was written the register globals setting in the php.ini file has been disabled by default. You would have to be a complete nutter to turn it on or to write your scripts assuming that it is turned on. There are also a few other things which you should take into consideration when writing script, especially if they are intended for use in a public domain:
- As well as running PHP in safe mode, ensure that the interpreter itself or the web server process running the PHP interpreter is not a root or Admin user who has full access to the system.
- Turn off the display of errors by setting the display_errors directive to off and redirect any errors to a log file. This is explained here.
I have added a link to this thread to the PHP FAQ - Thanks
Click Here to Expand Forum to Full Width