Reinforce PHP environment conversion_PHP tutorial

Author: Albert When PHP runs as a module of Apache, the security of Apache itself plays a leading role. Therefore, if configured correctly, PHP should be a very safe environment. However, if PHP is run in CGI mode, it will not be so safe. . The operations mentioned in this article are applicable to both Unix and Windows. 1. Run as an Apache module Because generally speaking, Apache will run as "nobody" or "www", so PHP is very safe as a module. If PHP is in a virtual host environment, there may be a danger that users can browse other users' files. A simple script is as follows: ​ ​ // Assume that the document root is located at /usr/local/websites/mydomain ​ $location = ../; // Go to the upper directory $parent = dir($location); ​ // Display the current directory: / usr/local/websites while($entry = $parent->read()) {  echo $entry . ;  }  $parent->close();  ?>  In this way, as long as $location is modified, the user can browse all the files on the virtual host other users' files. In order to reduce such dangers, we need to take a look at php.ini and modify the safe_mode, doc_root and usr_dir parameters to limit the user to his own virtual host environment: safe_mode = On doc_root = /usr/local/apache/htdocs user_dir = /home/albertxu/htdocs 2. As CGI You need to be very careful when running PHP as CGI, as it may leak information you don't want others to know. The first thing to note is that you must place the executable file somewhere other than the document root directory. For example, /usr/local/bin, so all CGI files must start with: ​ #!/usr/local/bin/php The way to prevent users from calling CGI directly is to force CGI redirection in Apache: Action php-script /cgi -bin/php.cgi AddHandler php-script .php This will convert the following URL http://example.com/mywebdir/test.htm to: http://example.com/cgi-bin/php/mywebdir/ test.htm When compiling PHP in CGI mode, it is best to use the following options: --enable-force-cgi-redirect This article discusses security issues related to PHP. For detailed security information, please refer to the PHP manual on security. http://www.php.net/manual/en/security.php That chapter.

http://www.bkjia.com/PHPjc/532236.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/532236.htmlTechArticleAuthor: Albert When PHP runs as a module of Apache, the security of Apache itself plays a leading role, so if it is configured correctly , PHP should be a very safe environment, but if PH...