Just wanted to know what could be the security cautions I should know about PHP Hosting?
Thanks
Here are some of the things:
- eval, passthru, shell_exec, etc
- allow_url_fopen
- register_globals

And don’t forget:
PHP Security Guide
Finally as suggested by Rook, you should run:
PHPSecInfo script to see security settings of your host.
http://phpsec.org/projects/phpsecinfo/
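A small audit of the three settings listed in the answer above, as an added example; it is not code from the answer or from PHPSecInfo. The function name `audit_php_settings`, the `REQUIRED_DISABLED` list (which extends the answer's "etc" with `exec` and `system` as an assumption) and the sample values are constructed for illustration.

```php
<?php
// Functions expected in disable_functions; exec and system are an assumed reading of "etc".
const REQUIRED_DISABLED = ['passthru', 'shell_exec', 'exec', 'system'];

function audit_php_settings(array $ini): array
{
    $findings = [];
    // disable_functions is a comma-separated list; normalise it before comparing.
    $disabled = array_filter(array_map(
        'trim',
        explode(',', strtolower((string) ($ini['disable_functions'] ?? '')))
    ));
    foreach (REQUIRED_DISABLED as $fn) {
        if (!in_array($fn, $disabled, true)) {
            $findings[] = "$fn is callable (not in disable_functions)";
        }
    }
    // eval is a language construct, so disable_functions cannot switch it off.
    if (in_array('eval', $disabled, true)) {
        $findings[] = 'eval is listed in disable_functions but stays enabled';
    }
    // Boolean directives come back as "1", "0", "" or literal text such as "On".
    foreach (['allow_url_fopen', 'register_globals'] as $flag) {
        $raw = $ini[$flag] ?? false;
        if ($raw === false) {
            continue; // directive absent, e.g. register_globals was removed in PHP 5.4
        }
        if (filter_var($raw, FILTER_VALIDATE_BOOLEAN)) {
            $findings[] = "$flag is enabled";
        }
    }
    return $findings;
}

// Constructed sample resembling a permissive shared-hosting configuration.
$sample = [
    'disable_functions' => 'eval, passthru',
    'allow_url_fopen'   => '1',
    'register_globals'  => false,
];
print_r(audit_php_settings($sample));

// The same audit against the running interpreter.
$live = [];
foreach (['disable_functions', 'allow_url_fopen', 'register_globals'] as $name) {
    $live[$name] = ini_get($name);
}
print_r(audit_php_settings($live));
```

Run it through the same SAPI that serves the site (for example, by requesting it over HTTP rather than from the CLI), since the CLI often loads a different php.ini.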
For webhosts and Development Teams
In development environments, make sure you have appropriate coding standards. If you feel you are hosting insecure code which you did not write, consider installing a Web Application Firewall. Also consider steps to prevent brute-force attacks (for example, if you are hosting popular CMS tools); an Intrusion Prevention System like Fail2Ban can help you do this. A lot of these issues are covered in this talk, Practical Web Security – Junade Ali; the video of the talk is here.
For PHP you can also consider using Suhosin which adds a number of security features to the PHP core. Be careful installing it first and test your sites afterwards to ensure it doesn’t break anything.