6 Steps to Secure PHP Application Scripts and Code
Six steps to protect and secure PHP applications and web applications written in PHP. Follow the rules below to secure your PHP code.
It is mandatory to secure PHP scripts and code from those nefarious hackers who are crouched over their keyboards waiting for you to slip up.
(1) Remove phpinfo() to secure PHP applications
Remove phpinfo() references. When you first start building PHP applications on a new web server, you will probably create a script that contains the phpinfo() function, so you can see what version of PHP you are using and whether it has MySQL support, along with the list of other installed libraries. It is fine to check with phpinfo(), but you should remove that function after you have taken a look. If you don't, any hacker out there who discovers a new PHP vulnerability will be able to see if your site is susceptible to it. This is required to secure a PHP application.
(2) Location of the php.ini file to secure PHP applications
If you are not using a web hosting service and have access to the php.ini file, there are a few changes you can make to it to further secure PHP applications. Ironically, the location of your php.ini file can be found by using phpinfo().
(3) Turn safe mode on to secure PHP applications
Here are some specific settings you should consider changing in the php.ini file. Open the file in a text editor, make the changes, save them and then restart your web server.
safe_mode = on
(4) Use of open_basedir and expose_php to secure PHP applications
When you turn on safe mode, no PHP script can be called by another script with a different owner on the same web server. Obviously, if you need to allow scripts from other owners to call yours, you cannot use this setting.
open_basedir = directory[:...]
This restricts the scripts and files that PHP will be able to execute or access to this directory and the subdirectories beneath it.
expose_php = off
(5) Use of display_errors to secure PHP applications
With expose_php set to on, every web browser that visits your site is sent header information that reveals information about your PHP server. Turning it off hides that information and makes your server a little less exposed.
display_errors = off
(6) Keep log_errors on to secure PHP applications
Once you have developed your application and are running it on your live web server, you do not need to see all those error messages. Hopefully you have already addressed the errors, but sometimes things slip through the cracks. To hide the error messages from site visitors, set display_errors to off.
log_errors = on
This sends your errors to an error log. When you want to check your application for errors, this is a good place to begin. With display_errors set to off and log_errors set to on, you will be able to see problems, but your site visitors will not.
error_log = filename
You will have to check with your particular web server software to locate this file. This is where your errors will be written when log_errors is set to on.
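The following audit script is an added example, not part of the original post: it parses a php.ini file and reports where the directives from steps (4) to (6) differ from the values recommended above, and it also flags capitalised directive names, because php.ini directive names are case sensitive. The sample file, its paths and the function names are constructed for illustration.

```python
# safe_mode is not checked: it was removed in PHP 5.4.0.
EXPECTED = {"expose_php": False, "display_errors": False, "log_errors": True}
MUST_BE_SET = ("open_basedir", "error_log")
ON_WORDS = {"1", "on", "true", "yes"}
OFF_WORDS = {"", "0", "off", "false", "no", "none"}
KNOWN = set(EXPECTED) | set(MUST_BE_SET)

def parse_ini(text):
    """Return ({directive: value}, [known directives written in the wrong case])."""
    values, miscased = {}, []
    for raw in text.splitlines():
        # ';' starts a comment (simplification: no ';' inside quoted values)
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name not in KNOWN and name.lower() in KNOWN:
            miscased.append(name)  # directive names are case sensitive
            continue
        values[name] = value.strip("\"'")  # a later line overwrites an earlier one
    return values, miscased

def audit(text):
    """Return sorted findings; an empty list means every check passed."""
    values, miscased = parse_ini(text)
    findings = [f"{n}: wrong case, setting is not applied" for n in miscased]
    for name, want_on in EXPECTED.items():
        if name not in values:
            findings.append(f"{name}: not set, PHP default applies")
        elif values[name].lower() not in (ON_WORDS if want_on else OFF_WORDS):
            findings.append(f"{name}: should be {'on' if want_on else 'off'}")
    for name in MUST_BE_SET:
        if not values.get(name):
            findings.append(f"{name}: not set")
    return sorted(findings)

# Constructed sample php.ini, not taken from a real server.
SAMPLE = """\
[PHP]
Expose_php = off          ; capitalised directive name
display_errors = On
log_errors = on
error_log = "/var/log/php_errors.log"
;open_basedir = /var/www/site
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Boolean values the script does not recognise are reported as findings rather than guessed at, so a value such as display_errors = stderr is flagged for manual review.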
There's a typo: fiELname
Yeah, I got it, thanks for commenting here. Keep visiting.