
PHP 10.0 Blog:
Production mode
December 18, 2006 @ 08:43:00

In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

  • disable display_errors
  • disable phpinfo()
  • turn expose_php off
  • make max_execution_time/memory_limit reasonable
  • and possibly a few others that some developers forget to set correctly

Comments on the post range from disagreement to suggestions on improvement and support.



PHP Security Blog:
A Trio of Javascript Issues
December 01, 2006 @ 13:22:28

On the PHP Security Blog, Stefan Esser has written up three new posts that demonstrate some of the more destructive uses of JavaScript that he's found.

While the first two are interesting, it's the last of these that most directly applies to PHP. He gives a simple "proof of concept" that checks whether an embedded image is the correct "size" to indicate a web server running PHP with the expose_php setting set to "on".





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework