Newb: PHP Security

Posted: 18. February 2011 05:16
by Snot
Hi,


I'm new to all this and I've just completed my first install. It was all working great!

I have everything secure except for PHP. It's not very clear. The others were very simple to secure but I'm lost on this one. Is it telling me that I'm running PHP in safe mode and that's bad? It's not very clear at all. Could someone please go into more detail?

PHP is NOT running in "safe mode" UNSECURE
If do you want to offer PHP executions for outside persons, please think about a "safe mode" configuration. But for standalone developer we recommend NOT the "safe mode" configuration because some important functions will not working then. More Info



Thanks

Re: Newb: PHP Security

Posted: 18. February 2011 13:33
by WilliL
you'll find it in file php.ini

approx. line 338

; Safe Mode
; http://php.net/safe-mode
safe_mode = Off

But remember: XAMPP is designed for development, not as a server setup for real life!!

Re: Newb: PHP Security

Posted: 18. February 2011 17:15
by Altrea
Just for info: safe_mode is deprecated since PHP 5.3.0 and will be removed without substitution in PHP 6.

Re: Newb: PHP Security

Posted: 18. February 2011 21:00
by Snot
I'm not sure what, or if, I need to do anything. Right now it's showing my PHP is not secure. What do I need to do to get that fixed?

Thanks

Re: Newb: PHP Security

Posted: 18. February 2011 21:21
by Altrea
The biggest PHP security issue is the programmer.

In other words: Don't use a weapon you aren't able to control.

Re: Newb: PHP Security

Posted: 18. February 2011 21:31
by Snot
I'm on day two of trying to learn PHP. I don't know anything about it at all. I've been trying to get the test server working for a day and a half lol.

I was given a PHP tutorial and one of the first steps is setting up a test server. I'm still working on step one so I'm not sure what I need to do. All I can find out is that PHP isn't secure. Does that mean someone can hack my computer and delete all my porn or other nasty stuff?

It just seems like since XAMPP is telling me in red letters that it's not secure that I need to do something to make it secure. Am I asking the wrong question? All the answers I'm getting are not helping me fix this security risk.

Thanks for the help. I'm a complete noob.

Re: Newb: PHP Security

Posted: 18. February 2011 21:43
by Altrea
Don't worry about your PHP security.
Just follow one really basic rule: Don't let your Apache respond to external requests!
That means: put your computer behind a (router) firewall and don't forward ports to it.

If you follow this basic rule, you are safe and you don't have to worry about your PHP security.

But two best practices to support PHP security in development:
- Don't activate the register_globals function in the php.ini
- The first lines in every script you write should be these:
Code:
<?php
// Report every error level, including strict-standards notices
error_reporting(E_ALL|E_STRICT);
// Print errors in the page output
ini_set('display_errors', 1);

These lines are just there to show every PHP message that occurs.

But be careful: if you upload your scripts for production, turn off the error reporting!

P.S.: And I recommend that you not turn on safe_mode. It will be removed in PHP 6, as said before, and some scripts don't like safe_mode being on.
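
Added example, not part of Altrea's post: one way to keep the development error settings above from reaching a production server, and to flag register_globals if it is on. The APP_ENV variable, the configure_errors() function and the log path are assumptions made for illustration.

```php
<?php
// Added example. APP_ENV, configure_errors() and the log path are assumptions
// for illustration; they are not XAMPP or PHP defaults.

/**
 * Apply error settings for the given environment and return warnings
 * about the risky php.ini values discussed in this thread.
 */
function configure_errors($env, $logFile)
{
    // -1 turns on every error level regardless of PHP version.
    error_reporting(-1);

    if ($env === 'development') {
        // Local test server: print every message in the page.
        ini_set('display_errors', '1');
    } else {
        // Anything else is treated as production: hide errors from visitors
        // (error text can reveal file paths and queries) but keep them in a log.
        ini_set('display_errors', '0');
        ini_set('log_errors', '1');
        ini_set('error_log', $logFile);
    }

    $warnings = array();

    // ini_get() returns false for directives this PHP version no longer has,
    // and filter_var() accepts "1", "On", "true" and "yes" as enabled.
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        $warnings[] = 'register_globals is On: set it to Off in php.ini';
    }
    if ($env !== 'development'
        && filter_var(ini_get('display_errors'), FILTER_VALIDATE_BOOLEAN)) {
        // ini_set() can be refused, e.g. when the server config locks the value.
        $warnings[] = 'display_errors is still On outside development';
    }
    return $warnings;
}

// Default to the safe (production) behaviour unless development is requested.
$env = getenv('APP_ENV') === 'development' ? 'development' : 'production';
$logFile = '/var/log/php/app-error.log'; // assumed path; keep it outside the web root

foreach (configure_errors($env, $logFile) as $warning) {
    // trigger_error() follows the settings above: shown in development,
    // written to the log in production.
    trigger_error($warning, E_USER_WARNING);
}
```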

Re: Newb: PHP Security

Posted: 18. February 2011 21:46
by Snot
Cool, thanks for the help!

Re: Newb: PHP Security

Posted: 18. February 2011 21:49
by Altrea
You're welcome. Have fun with all that php stuff :D