David Yin's Blog

How to Configure PHP to Secure a Web Server

Certain PHP configuration settings affect security.  The following recommended security configuration options are for production servers.

register_globals is turned off by default in PHP 4.2 and later.

safe_mode doesn’t really make anything safe.

Do not show error information to the public or to normal users. It helps attackers discover ways to get into the system.  Enable error logging instead of error display.

Disable expose_php to hide the PHP version number.

Note that it is very important to keep the production server safe.
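An added example, not code from the original post: a small Python check that reads php.ini text and reports which of the directives discussed above are not at their production values. The two sample configs are constructed, and the script assumes an absent directive takes PHP's built-in default.

```python
# Added example: audit php.ini text for the directives discussed in the post.
# Assumption: an absent directive takes PHP's built-in default, listed here.
# (register_globals was removed in PHP 5.4; it only matters on older installs.)
DEFAULTS = {"display_errors": "1", "log_errors": "0",
            "expose_php": "1", "register_globals": "0"}
# Production value for each directive: True = On, False = Off.
WANTED = {"display_errors": False, "log_errors": True,
          "expose_php": False, "register_globals": False}
FALSE_WORDS = {"", "0", "off", "false", "no", "none"}  # PHP's "off" spellings

# Constructed sample configs, not taken from a real server.
SAMPLE_WEAK = """[PHP]
display_errors = On   ; errors are sent to every visitor
expose_php = On
"""
SAMPLE_HARDENED = """[PHP]
display_errors = Off
log_errors = On
expose_php = Off
"""


def parse_ini(text):
    """Return {directive: raw value}; the last assignment wins, as in PHP."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue  # blank line, section header, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Return [(directive, message)] for every setting that is not hardened."""
    settings = parse_ini(text)
    findings = []
    for name, wanted in WANTED.items():
        raw = settings.get(name, DEFAULTS[name])
        enabled = raw.lower() not in FALSE_WORDS
        if enabled != wanted:
            origin = "php.ini" if name in settings else "built-in default"
            target = "On" if wanted else "Off"
            findings.append((name, f"set to {raw!r} ({origin}), want {target}"))
    return findings


if __name__ == "__main__":
    for directive, message in audit(SAMPLE_WEAK):
        print(f"{directive}: {message}")
```

The weak sample is reported for log_errors even though the file never mentions it, because leaving the directive out falls back to the default of no logging.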
