Greenguy's Board - View Single Post - Some PHP security tips for programmers & non-programmers

raymor · 2005-10-13, 07:40 PM

More PHP security advice:

ALL PHP scripts have security issues, including
the following script, which lets any visitor to the
site upload any file they want to your server:

PHP Code:


			
<?php ?>

Even a totally empty PHP file with no code lets
people uploaded files to your server due to the
design (or rather lack of design) of PHP itself.

To improve PHP security turn register_globals off,
fopen_url off, open_basedir on, and except
for directories that hold scripts which accept
file uploads turn file uploads off.

2005-10-13, 07:40 PM	#7
raymor The only guys who wear Hawaiian shirts are gay guys and big fat party animals Join Date: Jan 2004 Posts: 178	More PHP security advice: ALL PHP scripts have security issues, including the following script, which lets any visitor to the site upload any file they want to your server: PHP Code: `<?php ?>` Even a totally empty PHP file with no code lets people uploaded files to your server due to the design (or rather lack of design) of PHP itself. To improve PHP security turn register_globals off, fopen_url off, open_basedir on, and except for directories that hold scripts which accept file uploads turn file uploads off. __________________ Ray Morris support@bettercgi.com Strongbox/Throttlebox & more TXDPS #A14012