
5 March 2010

PHP security checklist

When configuring PHP, there are a few security aspects that need attention.

; php.ini
allow_url_fopen = Off ; Disable URLs for file handling functions

register_globals = Off ; Make sure this hellish fiend is dead

open_basedir = /var/www/htdocs/files ; Restrict file handling functions to a subdirectory

safe_mode = Off ; Disable this, the next is often more practical
safe_mode_gid = On ; Enable safe mode with group check
safe_mode_exec_dir = /var/www/binaries ; Restrict execution functions to this directory
safe_mode_allowed_env_vars = PHP_ ; Restrict access to environment variables

max_execution_time = 30 ; Max script execution time
max_input_time = 60 ; Max time spent parsing inputs
memory_limit = 16M ; Max memory size used by one script
upload_max_filesize = 2M ; Max upload file size
post_max_size = 8M ; Max post size

display_errors = Off ; Do not show errors on screen

log_errors = On ; Log errors to log file

expose_php = Off ; Hide presence of PHP

# Apache configuration or .htaccess

Order allow,deny
Deny from all
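
An added example, not part of the original post: a short Python script that audits the text of a php.ini against the values in the checklist above. Treating the numeric settings as upper bounds is an assumption of this example, and `SAMPLE` is a constructed input.

```python
import re
# Values from the checklist above; numeric entries are treated as upper bounds.
FLAGS = {"allow_url_fopen": False, "register_globals": False,
         "display_errors": False, "log_errors": True, "expose_php": False}
LIMITS = {"max_execution_time": "30", "max_input_time": "60", "memory_limit": "16M",
          "upload_max_filesize": "2M", "post_max_size": "8M"}
TRUTHY, FALSY = {"on", "1", "true", "yes"}, {"off", "0", "false", "no", "none", ""}
# Constructed sample input (not from the original post).
SAMPLE = """[PHP]
allow_url_fopen = On   ; constructed weak value
display_errors = stderr
memory_limit = -1
upload_max_filesize = 1M
"""

def parse_ini(text):
    """Return {directive: value}, ignoring ';' comments and [section] headers."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def to_number(value):
    """Convert PHP shorthand (16M, 2G) to an integer; returns None if malformed."""
    m = re.fullmatch(r"(-?\d+)\s*([kmg]?)", value.lower())
    return int(m.group(1)) * 1024 ** " kmg".index(m.group(2) or " ") if m else None

def audit(text):
    """Return findings for directives that are missing or weaker than the checklist."""
    ini, findings = parse_ini(text), []
    for key, want in FLAGS.items():
        value = ini.get(key)
        if value is None:
            findings.append(f"{key}: not set, PHP default applies")
        elif (value.lower() in TRUTHY) != want or value.lower() not in TRUTHY | FALSY:
            findings.append(f"{key}: {value!r}, checklist says {'On' if want else 'Off'}")
    for key, limit in LIMITS.items():
        number = to_number(ini.get(key, ""))
        if number is None:
            findings.append(f"{key}: missing or malformed")
        elif number <= 0:  # 0 or -1 lifts the limit for several of these directives
            findings.append(f"{key}: {ini[key]} is not a positive limit")
        elif number > to_number(limit):
            findings.append(f"{key}: {ini[key]} exceeds checklist limit {limit}")
    if not ini.get("open_basedir"):
        findings.append("open_basedir: not set, file functions are unrestricted")
    return findings
```

Run `audit()` on the contents of the php.ini that `php --ini` reports as loaded; an empty list means every checked directive matches the checklist.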
