Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Can PHP run on Windows ISS? (I think its yes, correct?)
PHP Security
Moderator: General Moderators
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
- The Phoenix
- Forum Contributor
- Posts: 294
- Joined: Fri Oct 06, 2006 8:12 pm
Re: PHP Security
Sure. Google for htaccess, virt hosts, or similar.tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Same deal. Htaccess, virt hosts, and so forth.tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: PHP Security
Ok. I'll try to find somemore info. I was having trouble before. I meant IIS, not ISS. I was just asking because my school talked to their website host and they were like your on Windows IIS and PHP lets anybody hack really really easy.The Phoenix wrote:Sure. Google for htaccess, virt hosts, or similar.tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Same deal. Htaccess, virt hosts, and so forth.tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)