category:

Improve Security using php.ini

PHP has some vulnerable functions which can be used to break into your server if your scripts are not coded securely. You can setup a list of functions in php.ini using disable_functions directive. This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. This disable_functions feature is not affected by Safe Mode. This directive must be set in php.ini For example, you cannot set this in httpd.conf

Open php.ini file:

# vi /etc/php.ini

Find disable_functions and set new list as follows:

disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,

curl_multi_exec,parse_ini_file,show_source

Save and close the file. Restart httpd:

# service httpd restart

Share
Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

+ 82 = 91

Related:

Stay Updated

Please enter your details below to get
A Free Trial
x + x* =