Just wanted to know if there could be a security warning that I should know about PHP hosting?
Thanks
Here are some things:
- < Li>
- Remote URL injection, disabled
allow_url_fopen -
register_globals
Eval , passthru , shell_exec , etc disable and do not forget:
- You are also responsible. Write secure code, read security tutorials from there. Lastly suggested by Rock, you should run: <
For webhost and development teams
P> Ensure that you have the right coding standard in the development environment, if you feel that you have unsafe code If you are not hosting what you are writing to, consider installing a web application firewall. Also consider steps to prevent brutal attacks (for example if you are hosting a popular CMS device), an intrusion prevention system such as Fail 2 BAN can help you do this. Many of these issues have been included in this matter, the video of the talk.
For PHP you can consider using which adds several security features in the PHP core. Be careful of installing it first and be sure to check your sites later that it does not break anything.
Comments
Post a Comment