PHP scripts security?

Problems with the Windows version of XAMPP, questions, comments, and anything related.

PHP scripts security?

Postby zeusx » 29. September 2008 13:42

Hi All

I try to win2003 + xampp set up web servers, will be launched to support multi-site, the opening of virtual hosting services,

Editor xampp \ apache \ conf \ extra \ httpd-vhosts.conf file

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot d: \ web_server \ xampp \ htdocs \ a.com
ServerName www.a.com
# # ErrorLog @ rel_logfiledir @ / dummy-host2.example.com-error_log
# # CustomLog @ rel_logfiledir @ / dummy-host2.example.com-access_log common
</ VirtualHost>

Browser enter www.a.com successful visit.

However, there is a very serious security issues with www.a.com users upload PHP scripts can visit any district in any directory; can perform any DOS command. On the server has a list of all the district and the rights of all, I would like to ask how to prevent this? xampp for server products, the need to pay special attention to security settings?

Thanks!
zeusx
 
Posts: 3
Joined: 29. September 2008 12:34

Postby Wiedmann » 29. September 2008 13:47

I try to win2003 + xampp set up web servers, will be launched to support multi-site, the opening of virtual hosting services,

You should better use IIS on Windows for such a project. (Or of course Apache for *nix)

However, there is a very serious security issues with www.a.com users upload PHP scripts can visit any district in any directory; can perform any DOS command.

Search for the PHP setting "open_basedir".
(Well, you can find more about the PHP and security in the PHP manual)

xampp for server products, the need to pay special attention to security settings?

Don't forgett:
XAMPP is designed for local web development (and not for production server).
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby zeusx » 29. September 2008 14:49

Security set production server, in addition to running security / index.php ,for Php.ini security settings?
zeusx
 
Posts: 3
Joined: 29. September 2008 12:34


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 143 guests