Macetes TI: Restrict PHP Information Leakage

1 - To restrict PHP information leakage disable expose_php.
Edit /etc/php.d/secutity.ini and set the following directive:

expose_php=Off

2 - Do not expose PHP error messages to all site visitors.
Edit /etc/php.d/security.ini and set the following directive:

display_errors=Off

Make sure you log all php errors to a log file:

log_errors=On
error_log=/var/log/httpd/php_scripts_error.log

3 - Limit PHP Access To File System

The open_basedir directive set the directories from which PHP is allowed to access files using functions like fopen(), and others. If a file is outside of the paths defined by open_basdir, PHP will refuse to open it. You cannot use a symbolic link as a workaround. For example only allow access to /var/www/html directory and not to /var/www, or /tmp or /etc directories:

; Limits the PHP process from accessing files outside
; of specifically designated directories such as /var/www/html/
open_basedir="/var/www/html/"
; ------------------------------------
; Multiple dirs example
; open_basedir="/home/httpd/vhost/cyberciti.biz/html/:/home/httpd/vhost/nixcraft.com/html/:/home/httpd/vhost/theos.in/html/"
; ------------------------------------

More:
https://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html

Macetes TI

Restrict PHP Information Leakage

Updatable objects appear as 'no longer supported'

Mais vistos

Denunciar abuso