Page 1 of 1
PHP Security
Posted: Tue Sep 25, 2007 5:28 pm
by tecktalkcm0391
Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Can PHP run on Windows ISS? (I think its yes, correct?)
Posted: Tue Sep 25, 2007 5:45 pm
by feyd
Have you read the security lists? They'd have the most information about this subject matter.
Posted: Tue Sep 25, 2007 8:12 pm
by tecktalkcm0391
feyd wrote:Have you read the security lists? They'd have the most information about this subject matter.
What security lists?
Re: PHP Security
Posted: Wed Sep 26, 2007 12:10 am
by The Phoenix
tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Sure. Google for htaccess, virt hosts, or similar.
tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Same deal. Htaccess, virt hosts, and so forth.
tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.
Re: PHP Security
Posted: Fri Sep 28, 2007 11:33 am
by tecktalkcm0391
The Phoenix wrote:tecktalkcm0391 wrote:Can anyone tell me ANY security problems with PHP? My school is trying to get information like...
Can you allow PHP to run in specified folders only, instead of the whole site?
Sure. Google for htaccess, virt hosts, or similar.
tecktalkcm0391 wrote:Can you prevent PHP from being allowed to include any file on the server?
(Ex. require("/home/site/everything/file.php") would return no access where require("/home/site/only folder php can access/file.php") would work)
Same deal. Htaccess, virt hosts, and so forth.
tecktalkcm0391 wrote:Can PHP run on Windows ISS? (I think its yes, correct?)
You mean Windows IIS (Internet Information Server), not ISS - a security product. And yes, PHP runs on IIS.
Ok. I'll try to find somemore info. I was having trouble before. I meant IIS, not ISS. I was just asking because my school talked to their website host and they were like your on Windows IIS and PHP lets anybody hack really really easy.