Activity Stream
48,167 MEMBERS
6981 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Results 1 to 5 of 5
  1.     
    #1
    Member

    Default Security

    Hello KWWHunction user's

    Well Basically i'm asking for a detailed guide on the following:

    Stop user's overriding / bypassing systems php.ini

    I know you have to disable: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen


    to get secured server.
    VS-03 Reviewed by VS-03 on . Security Hello KWWHunction user's Well Basically i'm asking for a detailed guide on the following: Stop user's overriding / bypassing systems php.ini I know you have to disable: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen to get secured server. Rating: 5

  2.   Sponsored Links

  3.     
    #2
    Member
    If you really want that thing to be secure, you could use linux vservers or freebsd jails & 'lock' your users in a jail, if you install php-fpm/nginx might be fine ressources-wise...

  4.     
    #3
    Member
    Website's:
    supportex.net
    If you really want to raise security of your server then you need to disable use of following php functions:
    Code: 
    eval, exec, passthru, shell_exec, system, proc_open, popen, parse_ini_file, show_source, getmyuid, posix_getpwuid, posix_getgrgid, fileowner|filegroup, apache_note, apache_setenv, openlog, syslog, virtual, dl, ini_alter, get_current_user, posix_uname
    The same users various rights permissions with nginx + php-fpm and use php security module suhosin.
    But keep in mind that some applications may not work with such restrictions, so you should carefully make changes.

  5.     
    #4
    Moderator
    NewEraCracker's Avatar
    Quote Originally Posted by supportex View Post
    If you really want to raise security of your server then you need to disable use of following php functions:
    Code: 
    eval, exec, passthru, shell_exec, system, proc_open, popen, parse_ini_file, show_source, getmyuid, posix_getpwuid, posix_getgrgid, fileowner|filegroup, apache_note, apache_setenv, openlog, syslog, virtual, dl, ini_alter, get_current_user, posix_uname
    Lol?

    eval - http://php.net/manual/en/function.eval.php
    ini_alter - http://php.net/manual/en/function.ini-alter.php
    Trusted: Dom, l0calh0st, 0ccul7, robert420
    Find all threads started by NewEraCracker

  6.     
    #5
    Member
    Website's:
    supportex.net
    Unfortunately very often the programmers do not check the incoming data. This allows an attacker to pass on their variables to execution.
    When on yours server lot of developers and you can not control quality of their code, but you need to keep security on the server. The best solution is to take hard management.

    Also you can read articles "PHP / SQL Security" on acunetix.com, that will help improve security of applications.
    Outsourcing server management, DDoS protect, performance and security server tuning.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Uploading Security ??
    By Interceptor13 in forum File Host Discussion
    Replies: 9
    Last Post: 27th Sep 2012, 06:08 AM
  2. Replies: 3
    Last Post: 8th Nov 2011, 03:54 AM
  3. Security q's
    By sapa50 in forum Technical Help Desk Support
    Replies: 2
    Last Post: 17th Oct 2011, 09:50 AM
  4. what security do you use for your website?
    By Suhel in forum General Discussion
    Replies: 1
    Last Post: 28th Apr 2011, 12:34 AM
  5. Security Tips
    By sniper in forum Webmaster Discussion
    Replies: 6
    Last Post: 11th Feb 2010, 10:28 AM

Tags for this Thread

BE SOCIAL