E-topbiz.com - php scripts and cgi scripts shop!

Our Articles: Using Php Safely

The best way to make your Php scripts safe is to combine carefully chosen system settings with sound programming practices. Given the wide range of threats, this article offers a little insight into how to make your Php scripts safe.  
  Php in Safe Mode - effective way of using php scripts  
  Safe Mode is the most effective method to reduce the threat. The basic idea is to create a restricted environment for Php, thereby curtailing the number of external threats to a Php based script. The safe_mode directive in php.ini turns safe mode on. A directory can also be specified so that Php does not load every script: only the scripts in that directory are allowed to load on the system, and Php will not execute a script that is not in this directory. In addition, Php will not let a script call another program that is not in this particular directory. Creating this directory reduces the number of possible attacks and limits them to what is in the safe mode directory.  
  It can be quite dangerous if the user modifies the environment variables. To prevent this, another setting in the php.ini configuration is used, which does not allow the user to change environment variables freely. Safe mode includes a list that indicates which environment variables the user is allowed to change. The safe_mode_allowed_env_vars directive holds a list of prefixes that are matched against the names of the environment variables the user is permitted to change. Thus, any environment variable whose name begins with something not listed in safe_mode_allowed_env_vars cannot be changed from within a Php script. At times, some Php_ variables also contain important information, so this limitation is not completely safe either.  
  There is one more setting that can safely be used: safe_mode_protected_env_vars. The list given in this directive spells out the names of environment variables that the user is not allowed to change. The protected variables cannot be changed even if they also match the safe_mode_allowed_env_vars list. By default, the only protected variable is $LD_LIBRARY_PATH.  
  It is advisable to put dangerous variables in this directive's list so that the user is not allowed to change them. For improved protection, it is better to use both settings, placing as many dangerous environment variables in the safe_mode_protected_env_vars directive as possible.  
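
The interaction of the two lists described above, as an added example that is not part of the original article: a small Python audit that reads php.ini text and reports which sensitive environment variables a script could still change. It assumes the semantics documented for PHP safe mode (prefix matching on safe_mode_allowed_env_vars with default PHP_, an empty allowed list permitting any variable, and the protected list taking precedence), which apply only to PHP releases before 5.4.0, where safe mode was removed. The sample php.ini fragments and the SENSITIVE list are constructed for illustration.

```python
"""Added example: which sensitive env vars could a script still change?"""

# Constructed sample php.ini fragments (not from a real server).
WEAK_INI = """
safe_mode = On
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
"""
HARDENED_INI = """
safe_mode = On
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH,PHP_INI_SCAN_DIR
"""
# Variables an administrator would not want scripts to alter (illustrative).
SENSITIVE = ["LD_LIBRARY_PATH", "LD_PRELOAD", "PATH", "PHP_INI_SCAN_DIR"]

def parse_ini(text):
    """Return {directive: value} for simple 'key = value' php.ini lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def split_list(value):
    """Split a comma-delimited directive value, ignoring blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]

def may_change(settings, name):
    """True if a script could change environment variable `name`."""
    if settings.get("safe_mode", "Off").lower() not in ("on", "1", "true", "yes"):
        return True  # safe mode off: no restriction applies
    protected = split_list(settings.get("safe_mode_protected_env_vars", "LD_LIBRARY_PATH"))
    if name in protected:
        return False  # the protected list wins over the allowed list
    prefixes = split_list(settings.get("safe_mode_allowed_env_vars", "PHP_"))
    if not prefixes:
        return True  # assumption from PHP docs: empty list allows any variable
    return any(name.startswith(prefix) for prefix in prefixes)

def audit(ini_text, sensitive=SENSITIVE):
    """List the sensitive variables these settings leave changeable."""
    settings = parse_ini(ini_text)
    return [name for name in sensitive if may_change(settings, name)]

if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```

With the default-style settings the PHP_ prefix leaves PHP_INI_SCAN_DIR changeable; naming it in safe_mode_protected_env_vars closes that gap.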
  Whether to use the Cgi version of Php together with Chroot is a matter of debate. It has shown no positive results, however, so for now it is recommended to rely entirely on safe mode for your system.  
  Php is an excellent programming language that can be used in many different ways, and there are many options for selecting its behavior according to the needs of the user. This wide range of options guarantees that you can use Php for a lot of purposes, but it also means there are combinations of these options and server configurations that result in an insecure setup and other safety threats.  
  The design flexibility of Php is a regular adversary to the code flexibility. Php as a command language can be used to build an entire server application, with all the authority of a shell user, or it can be used for simple server-side tasks, which however involve a little risk in a tightly restricted setting.  
  The safety of the system depends on how a programmer builds that environment and how much security he has put into it. Php, like any other large programming language, is under constant study and development. Every new version of Php that is developed will include big and small changes to improve and fix security faults, configuration accidents, and other issues that affect the overall security and stability of your system.  
  So safe mode is a good idea as a starting point, but it is not without its side effects. Therefore, the programmer needs to pay a lot of attention when working with Php scripts!  
  Written by Goran Kusnjer,
E-Topbiz.com owner 
  All rights reserved © 2003-2014 E-topbiz.com