Hi
Here is an article I found that may be useful to many of us.
PHP Security Threats
Amresh
That's a nice article. Good find :thumb:
A few other points too. Since that article was written, the register globals setting in the php.ini file has been disabled by default. You would have to be a complete nutter to turn it on or to write your scripts assuming that it is turned on. There are also a few other things which you should take into consideration when writing scripts, especially if they are intended for use in a public domain:
- As well as running PHP in safe mode, ensure that the interpreter itself or the web server process running the PHP interpreter is not a root or Admin user who has full access to the system.
- Turn off the display of errors by setting the display_errors directive to off and redirect any errors to a log file. This is explained here.
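
The checks from the reply above, as an added example that is not part of the original posts or the linked article: a small PHP script that audits the running configuration for register_globals, displayed errors, missing error logging and a root-owned interpreter. The helper names `ini_flag` and `audit_php_runtime` are hypothetical, and PHP 7.1 or later is assumed for the type hints.

```php
<?php
// Added example: audit the live PHP settings discussed in the thread.
// ini_flag() and audit_php_runtime() are hypothetical helper names.

function ini_flag(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null; // directive does not exist in this PHP version
    }
    $v = strtolower(trim($raw));
    // Booleans from php.ini arrive as "1" or ""; values set at runtime keep
    // their literal text. display_errors also accepts "stdout" and "stderr",
    // and both mean the error is shown.
    return in_array($v, ['1', 'on', 'yes', 'true', 'stdout', 'stderr'], true);
}

function audit_php_runtime(): array
{
    $findings = [];

    if (ini_flag('register_globals') === true) {
        $findings[] = 'register_globals is on';
    }
    if (ini_flag('display_errors') === true) {
        $findings[] = 'display_errors is on: errors are sent to the client';
    }
    if (ini_flag('log_errors') !== true) {
        $findings[] = 'log_errors is off: errors are not being recorded';
    } elseif ((string) ini_get('error_log') === '') {
        $findings[] = 'error_log is unset: errors go to the SAPI default log';
    }
    // posix_geteuid() needs the posix extension (not available on Windows).
    if (function_exists('posix_geteuid') && posix_geteuid() === 0) {
        $findings[] = 'PHP is running as root (euid 0)';
    }
    return $findings;
}

$findings = audit_php_runtime();
foreach ($findings as $f) {
    echo "[WARN] $f\n";
}
if (!$findings) {
    echo "[OK] no findings\n";
}
exit($findings ? 1 : 0);
```

Run it under the same SAPI that serves the site, since the command-line interpreter commonly loads a different php.ini.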
I have added a link to this thread to the PHP FAQ :) - Thanks