Enhanced Security using php.ini

From FamilySearch Wiki

If you are using a web hosting service, you start out with their default settings. These are not always in your best interest. One area where it pays to tighten security a bit involves PHP. PHP is a program commonly used to enhance web pages. Even if you don't write programs yourself, it is often used to write blog, wiki, CMS and other popular types of software packages that you may be using. Even if you are not running any of those (at this point one has to wonder why exactly you do have a web hosting service, but we won't go there), PHP is often used by hackers to exploit weaknesses in vulnerable sites.

All you need to do is create a file called 'php.ini' in each of your public directories (basically any directory in and under your public_html directory) and put the appropriate directives in it. The following example is by no means exhaustive, but it will give you an idea of what one looks like:

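; Block PHP functions that run shell commands or reveal source code and configuration
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
; Restrict PHP file access to this directory tree
open_basedir = /your/systems/public_html
; Leave safe mode switched off
safe_mode = 0
; Do not turn request parameters into global variables
register_globals = 0
; Do not let file functions such as fopen() open remote URLs
allow_url_fopen = 0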
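
Because the file has to exist in every directory in and under public_html, it is easy to miss one. The following Python script is an added example, not part of the original page: it walks a directory tree and reports directories that lack a php.ini or whose php.ini is weaker than the sample above. The function names are hypothetical, and it assumes that a directive left unset counts as a finding.

```python
import tempfile
from pathlib import Path

# Added example: baseline is the sample php.ini on this page; unset counts as a finding.
REQUIRED_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                     "exec", "phpinfo", "popen", "proc_open"}
MUST_BE_OFF = ("register_globals", "allow_url_fopen")
OFF = {"0", "off", "false", "no"}

def parse_ini(text):
    """Parse php.ini text into {directive: value}; ';' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(public_html):
    """Return {relative_dir: [findings]} for each directory in and under public_html."""
    root, report = Path(public_html), {}
    for d in [root, *(p for p in root.rglob("*") if p.is_dir())]:
        rel = str(d.relative_to(root))
        if not (d / "php.ini").is_file():
            report[rel] = ["no php.ini"]
            continue
        ini = parse_ini((d / "php.ini").read_text())
        disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
        findings = [f"not disabled: {f}" for f in sorted(REQUIRED_DISABLED - disabled)]
        findings += [f"{k} = {ini.get(k, 'unset')}" for k in MUST_BE_OFF
                     if ini.get(k, "unset").lower() not in OFF]
        if not ini.get("open_basedir"):
            findings.append("open_basedir unset")
        if findings:
            report[rel] = findings
    return report

def demo():
    """Audit a constructed sample tree: one good php.ini, one weak, one missing."""
    good = ("disable_functions = " + ", ".join(sorted(REQUIRED_DISABLED)) + "\n"
            "open_basedir = /your/systems/public_html\nregister_globals = 0\nallow_url_fopen = 0\n")
    weak = "disable_functions = system, exec ; partial list\nallow_url_fopen = On\n"
    with tempfile.TemporaryDirectory() as root:
        for sub in ("wiki", "blog"):
            Path(root, sub).mkdir()
        Path(root, "php.ini").write_text(good)
        Path(root, "wiki", "php.ini").write_text(weak)  # "blog" gets no php.ini
        return audit(root)
```

Call audit() with the path to your own public_html (or a local copy of it). It only reads files, so it cannot tell you whether the server actually honors per-directory php.ini files.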

This is a deep subject: see the following for more information:



  • This page was last modified on 16 February 2012, at 13:51.