ready-to-use resources, tutorials, tips and many other web development related stuff
WARNING! You probably have JavaScript disabled. Some features of this site will not work properly unless JavaScript enabled. changed to

Check Your PHP Environment Security

PHPSecInfo is something like the phpinfo() function. This PHP environment security auditing tool runs from a single function call a series of tests on your PHP environment to identify potential security issues and offer suggestions. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Usage of the PHPSecInfo is very simple. All you have to do is download this tool, unpack it and upload to the server’s root (this is not the only one option, but recommended one). Then you should not forget to add this new directory to your Apache’s httpd.conf as new alias to access it:

Alias /phpsecinfo "/usr/local/www/phpsecinfo"
<Directory "/usr/local/www/phpsecinfo">
    Options None
    AllowOverride All
    Order deny,allow
    Deny from all

Also .htaccess file is strongly recommended to be added in the PHPSecInfo root to prevent exposition of its results to others as you can see on my ll shell output below.

[root@server /usr/local/www/phpsecinfo]# ll
total 18
-rw-r--r--  1 root  wheel    61 Sep 20 18:08 .htaccess
-rw-r--r--  1 root  wheel  3663 Apr  5  2007 CHANGELOG
-rw-r--r--  1 root  wheel  1370 Apr  5  2007 LICENSE
drwxr-xr-x  3 root  wheel   512 Sep 20 17:46 PhpSecInfo
-rw-r--r--  1 root  wheel  2610 Apr  5  2007 README
drwxr-xr-x  5 root  wheel   512 Sep 20 17:46 docs
-rw-r--r--  1 root  wheel   748 Apr  5  2007 index.php

This .htaccess file should contain couple of entries, something like this:

deny from all
allow from your.ip.address

Now, you can enjoy the PHPSecInfo security auditing tool outputs (logicaly background colored according to security seriousness) and follow its recommendation to improve your PHP environment and server as itself.

PHPSecInfo Output Screenshot

Comments are closed.

© 2008 - 2023, | Powered by Wordpress | Theme by Elegant Themes | Valid XHTML and CSS | Subscribe to RSS