Restrict PHP Information Leakage


1 - To restrict PHP information leakage disable expose_php.
Edit /etc/php.d/secutity.ini and set the following directive:

expose_php=Off

2 - Do not expose PHP error messages to all site visitors.
Edit /etc/php.d/security.ini and set the following directive:

display_errors=Off

Make sure you log all php errors to a log file:

log_errors=On
error_log=/var/log/httpd/php_scripts_error.log


3 - Limit PHP Access To File System

The open_basedir directive set the directories from which PHP is allowed to access files using functions like fopen(), and others. If a file is outside of the paths defined by open_basdir, PHP will refuse to open it. You cannot use a symbolic link as a workaround. For example only allow access to /var/www/html directory and not to /var/www, or /tmp or /etc directories:

; Limits the PHP process from accessing files outside
; of specifically designated directories such as /var/www/html/
open_basedir="/var/www/html/"
; ------------------------------------
; Multiple dirs example
; open_basedir="/home/httpd/vhost/cyberciti.biz/html/:/home/httpd/vhost/nixcraft.com/html/:/home/httpd/vhost/theos.in/html/"
; ------------------------------------
 


More:
https://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html


-
Marcadores: ,

Create pem certificate

 Creating a .pem with the Private Key and Entire Trust Chain     Log into your DigiCert Management Console and download your Intermediate (D...

Mais vistos

  • JKS and Openssl commands
    Java Keytool Command These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. A...
  • Zimbra export account command line
    Export full backup of one zimbra account zmmailbox -z -m user@domain -t 0 getRestURL "//?fmt=tgz" > /tmp/user@domain.tgz Exp...
  • DFSR clean Staging folder
     This particular error is generally experienced when people attempt a non NTFS volume such as ReFS to a DFSR replication group as documented...