PHPDeveloper.org http://www.phpdeveloper.org Up-to-the Minute PHP News, views and community en-us Tue, 18 Jun 2013 18:41:35 -0500 30 <![CDATA[PHP 10.0 Blog: Production mode]]> http://www.phpdeveloper.org/news/6911 http://www.phpdeveloper.org/news/6911 In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

  • disable display errors
  • disable phpinfo()
  • turn expose_php off
  • make max_execution_time/memory_limit reasonable
  • and possibly a few others that some developers forget to set correctly
Comments on the post range from disagreement to suggestions on improvement and support.

]]> Mon, 18 Dec 2006 08:43:00 -0600 <![CDATA[PHP Security Blog: A Trio of Javascript Issues]]> http://www.phpdeveloper.org/news/6810 http://www.phpdeveloper.org/news/6810 On the PHP Security Blog, there's three new posts that Stefan Esser has written up that demonstrate some of the more destructive uses of Javascript that he's found:

While the first two are interesting, it's the last of these that most directly applies to PHP. He gives a simple "proof of concept" that checks to see if the embedded image is the correct "size" to be related to a webserver running PHP with the expose_php setting set to "on".

]]> Fri, 01 Dec 2006 13:22:28 -0600