PHP Security

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply

How secure is PHP? (Excluding hacks via POST and/or COOKIE and/or SESSIONS)

100%
3
75%
90%-100%
0
No votes
80%-90%
0
No votes
70%-80%
1
25%
60%-70%
0
No votes
50%-60%
0
No votes
40%-50%
0
No votes
25%-40%
0
No votes
Less than 25%
0
No votes
 
Total votes: 4

User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

PHP Security

Post by tecktalkcm0391 »

Can anyone tell me ANY security problems with PHP? My school is trying to get information like...

Can you allow PHP to run in specified folders only, instead of the whole site?
Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Can PHP run on Windows ISS? (I think its yes, correct?)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Have you read the security lists? They'd have the most information about this subject matter.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

feyd wrote:Have you read the security lists? They'd have the most information about this subject matter.
What security lists?
User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Re: PHP Security

Post by The Phoenix »

tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...

Can you allow PHP to run in specified folders only, instead of the whole site?
Sure. Google for htaccess, virt hosts, or similar.
tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Same deal. Htaccess, virt hosts, and so forth.
tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: PHP Security

Post by tecktalkcm0391 »

The Phoenix wrote:
tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...

Can you allow PHP to run in specified folders only, instead of the whole site?
Sure. Google for htaccess, virt hosts, or similar.
tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Same deal. Htaccess, virt hosts, and so forth.
tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.
Ok. I'll try to find somemore info. I was having trouble before. I meant IIS, not ISS. I was just asking because my school talked to their website host and they were like your on Windows IIS and PHP lets anybody hack really really easy.
Post Reply