PHP安全配置

十月 14th, 2009 Posted in 5.安全, PHP | 阅读次数: 214 次

制作:高进波
时间:2009-10-14

修改配置文件
vi php.ini

register_globals 关闭

open_basedir    该设置会限制对指定目录下所有文件的访问,一般为WEB根目录,这样可以避免攻击

disable_functions 禁用PHP不需要的函数,如eval(),passthru(),system()等带有安全风险的函数

               phpinfo,passthru,exec,system,popen,chroot,escapeshellcmd,escapeshellarg,shell_exec,proc_open,proc_get_status,ini_restore,eval

expose_php    设置为关闭,会删除HTTP响应服务头里显示的PHP头标

display_errors    设置为关闭

safe_mode    打开,会执行非常严格的文件访问权限

allow_url_fopen    禁止在远程文件上执行文件操作

 

完成!

相关日志:

Tags: ,

This entry was posted on 星期三, 十月 14th, 2009 at 11:04 and is filed under 5.安全, PHP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “PHP安全配置”

  1. Treatment for Panic Attacks Says:

    五月 2nd, 2011 at 05:22

    Recent Websites I Like…

    [...]here are some other links to sites that I link to because I think they are really worth visiting: http://www.panicattackstreatmentcure.net/links/…...


  2. Resources Says:

    五月 26th, 2011 at 00:26

    Related Websites…

    [...]here are some other links to sites that we find everyday so here are some popular sites we like today[...]…


  3. verona hotel Says:

    八月 18th, 2011 at 10:49

    Blogs you should be reading……

    [...]Here is a great blog you might find Interesting that we encourage you[...]……


留下您的脚印