Revision history for SecurePHP
Additions:
see http://wdb.fh-sm.de/ProgrammierenMitPHP
Deletions:
- /etc/php.ini > register_globals = OFF
- if you use "register_globals", then initialize every variable!
- do not trust incoming data
- you shouldn't use "include($_GET['seite']);"
- use safe settings in your APACHE / PHP configuration
- [[http://www.php.net/manual/de/features.safe-mode.php SafeMode]] in php.ini
- OpenBasedir in httpd.conf
-
Additions:
- use safe settings in your APACHE / PHP configuration
- [[http://www.php.net/manual/de/features.safe-mode.php SafeMode]] in php.ini
- OpenBasedir in httpd.conf
- [[http://www.php.net/manual/de/features.safe-mode.php SafeMode]] in php.ini
- OpenBasedir in httpd.conf
Deletions:
- [[http://www.php.net/manual/de/features.safe-mode.php SafeMode]] in php.ini and httpd.conf
Additions:
- [[http://www.php.net/manual/de/features.safe-mode.php SafeMode]] in php.ini and httpd.conf
Deletions:
Additions:
- WebserverSafeSettings in php.ini and httpd.conf
Deletions:
Additions:
- use "open_basedir" and other safe settings in your APACHE / PHP configuration
- SafeSettings in php.ini and httpd.conf
- SafeSettings in php.ini and httpd.conf
Deletions:
- UseOpenBasedir
Additions:
- use "open_basedir" in your APACHE / PHP configuration
- UseOpenBasedir
-
- UseOpenBasedir
-
Additions:
- if you use "register_globals", then initialize every variable!
Additions:
- /etc/php.ini > register_globals = OFF