06-19-07, 08:55 AM   #3
evilghost
Re: Managing File System w/ PHP.... what permissions should I use?

For additional security I recommend these php.ini changes to protect against information disclosure, RFI (remote file inclusion), and other attacks:

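; Suhosin extension: limit on "../" sequences allowed in an include path
suhosin.executor.include.max_traversal=4
; Do not show error messages to visitors
display_errors = Off
; No URLs in include/require or in fopen-style file functions
allow_url_include = Off
allow_url_fopen = Off
; Take session IDs from cookies only; keep the session cookie away from JavaScript
session.use_only_cookies = 1
session.cookie_httponly = 1
; Do not advertise PHP in response headers
expose_php = Off
; Do not turn request input into global variables
register_globals = Off
; Disable phpinfo()
disable_functions = phpinfo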

I also recommend setting ProductTokens to ServerOnly in your Apache configuration or using mod_security to obfuscate the server banner.
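One way to check an existing php.ini against the settings listed in the post above. This is an added example, not code from the thread; the `audit` and `parse_ini` names and the sample file are constructed for illustration, and the parser assumes `;` always starts a comment.

```python
# Added example: audit php.ini text against the settings recommended in the post.
OFF = ["display_errors", "allow_url_include", "allow_url_fopen",
       "expose_php", "register_globals"]
ON = ["session.use_only_cookies", "session.cookie_httponly"]
FALSY = {"", "0", "off", "false", "no", "none"}  # spellings PHP reads as false

def parse_ini(text):
    """Return {directive: value}; a repeated directive keeps its last value."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' starts a comment
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return one finding per directive that differs from the post's value."""
    s, findings = parse_ini(text), []
    for key in OFF:  # an unset directive is reported: defaults vary by PHP version
        if key not in s or s[key].lower() not in FALSY:
            findings.append(f"{key}: want Off, found {s.get(key, 'unset')}")
    for key in ON:
        if key not in s or s[key].lower() in FALSY:
            findings.append(f"{key}: want 1, found {s.get(key, 'unset')}")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append("disable_functions: phpinfo is not listed")
    trav = s.get("suhosin.executor.include.max_traversal", "unset")
    if trav != "4":
        findings.append(f"suhosin.executor.include.max_traversal: want 4, found {trav}")
    return findings

# Constructed sample file, not taken from the thread.
SAMPLE = """\
[PHP]
display_errors = Off
display_errors = On        ; a later line overrides the earlier one
allow_url_include = 0
allow_url_fopen = On
expose_php = Off
register_globals = Off
session.use_only_cookies = 1
disable_functions = exec, passthru
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
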