E-topbiz.com - php scripts and cgi scripts shop!


Our Articles: Safe Configuration Settings For PHP

The PHP scripting language covers a wide range of functionality, and it is quite difficult to strike a perfect balance between getting the task done and keeping the system secure, as many issues affect security. Here we discuss some of those that are closely related to PHP scripts.
  Every time the PHP processor is invoked, the configuration file php.ini is read and processed. This file contains all the settings for the system. It may be read just once or as many times as scripts get executed: if PHP is installed as a web server module, php.ini is read just once; otherwise it is read every time the interpreter is asked to run a script. In the latter case, PHP is installed as CGI. Security restrictions are often bypassed, and the system damaged as a result, when they are open to user input. Functions that can access the configuration settings should not be given user input, even if it has been filtered.
  If you want to apply different sets of configuration settings and restrictions, it is advisable to use the Apache module installation of PHP, which can configure the settings for each directory where scripts reside.
  When PHP is used as an Apache module, it inherits Apache's user permissions, which by default are those of the "nobody" user. This has several impacts on security and authorization. For example, suppose you are using PHP to access a database: unless the database has built-in access control, you will have to make the database accessible to the "nobody" user. This means a malicious script could access and modify the database, even without a username and password! It is entirely possible that a web spider could stumble across a database administrator's web page and drop all of your databases. You can defend yourself against this threat with Apache authorization, or you can design your own access model using LDAP, .htaccess files, etc., and include that code as part of your PHP program.
  In some cases, the growing number of permissions given to the Apache user is a root cause of threats. There are simpler answers to this problem: with open_basedir, you can control and limit which directories PHP is allowed to use. Setting up Apache-only areas can also restrict activity to an extent.
  Normally, two configuration settings directly control safe mode. One is safe_mode, which turns safe mode on or off; the other is safe_mode_exec_dir, which names a directory from which PHP scripts are allowed to call external programs when safe mode is on. Another setting related to safe mode is doc_root: PHP will not serve files outside this directory while in safe mode.
  There is one more directive, disable_functions. Its purpose is restriction: it lists the names of functions that PHP will simply refuse to run. Putting dl() on this list is another way to prohibit dynamic loading. For even tighter security, you can disable mail(), system() and friends, even include(). Of course, this also restricts the functionality of scripts rather severely. Usually, it is a good policy to disable functions that have the potential to do damage and that your scripts can do without.
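  The following audit script is an added example, not code from the article or from PHP itself: it reads php.ini text and reports on the directives discussed above (open_basedir, disable_functions, safe_mode, doc_root). The function names, the sample paths and the list of "friends" of system() are assumptions made for this example.

```python
import re

# Functions the article suggests disabling. The "friends" of system() listed
# here (exec, passthru, shell_exec, popen, proc_open) are this example's assumption.
RISKY_FUNCTIONS = {"dl", "system", "exec", "passthru", "shell_exec", "popen", "proc_open"}
ON = {"on", "1", "true", "yes"}

def parse_ini(text):
    """Return {directive: value} from php.ini text; a later assignment wins."""
    settings = {}
    for line in text.splitlines():
        # ';' starts a comment only at line start or after whitespace, so a
        # ';'-separated Windows open_basedir path list is left intact.
        line = re.sub(r"(^|\s);.*$", "", line).strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return findings for the directives the article names."""
    ini = parse_ini(text)
    findings = []
    if not ini.get("open_basedir"):
        findings.append("open_basedir unset: PHP file access is not limited to chosen directories")
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    missing = sorted(RISKY_FUNCTIONS - disabled)
    if missing:
        findings.append("disable_functions does not list: " + ", ".join(missing))
    if ini.get("safe_mode", "").lower() in ON and not ini.get("doc_root"):
        findings.append("safe_mode is on but doc_root is unset")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK_INI = """
[PHP]
safe_mode = On
disable_functions =
;open_basedir = /var/www/html
"""
HARDENED_INI = """
[PHP]
safe_mode = On
doc_root = /var/www/html
open_basedir = /var/www/html:/tmp   ; colon-separated on Unix
disable_functions = dl, system, exec, passthru, shell_exec, popen, proc_open
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "no findings")
```
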
  By default, PHP makes all environment and server variables globally accessible under their own names. This includes cookies and GET and POST variables. This helps beginner PHP programmers a great deal, as they do not have to figure out how to retrieve this external data.
  As with any other system-level scripting language or program you use, the best approach is to update often and stay continuously aware of the latest versions and the changes being made. This is the safest way to go, and it increases the potential for improving your system.
  Written by Goran Kusnjer,
E-Topbiz.com owner 
  All rights reserved © 2003-2014 E-topbiz.com