Results 1 to 2 of 2
  1. #1

    Thread Starter
    Lively Member Bolerophone's Avatar
    Join Date
    Dec 2003

    Lightbulb PHP Security Issues


    Here is an article I found,that may be usefult to many of us.

    PHP Security Threats

    Jobs: "Do u want to sell colored sugar water or change the world?"

    Get Firefox Now!!!
    Mendhak leaving town.

  2. #2
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Ickenham, UK

    Re: PHP Security Issues

    That's a nice article. Good find

    A few other points too. Since that article was written the register globals setting in the php.ini file has been disabled by default. You would have to be a complete nutter to turn it on or to write your scripts assuming that it is turned on. There are also a few other things which you should take into consideration when writing script, especially if they are intended for use in a public domain:
    • As well as running PHP in safe mode, ensure that the interpreter itself or the web server process running the PHP interpreter is not a root or Admin user who has full access to the system.
    • Turn off the display of errors by setting the display_errors directive to off and redirect any errors to a log file. This is explained here.

    I have added a link to this thread to the PHP FAQ - Thanks
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!

    Spread happiness and joy. Rate good posts.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts


Click Here to Expand Forum to Full Width

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.