Newb: PHP Security

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Newb: PHP Security

Postby Snot » 18. February 2011 05:16

Hi,


I new to all this and I've just completed my first install. It was all working great!

I have everything secure except for PHP. It's not very clear. The others were very simply to secure but I'm lost on this one. Is it telling me that I'm running php in safe mode and that's bad? Its not very clear at all. Could someone please go into more detail?

PHP is NOT running in "safe mode" UNSECURE
If do you want to offer PHP executions for outside persons, please think about a "safe mode" configuration. But for standalone developer we recommend NOT the "safe mode" configuration because some important functions will not working then. More Info



Thanks
Snot
 
Posts: 6
Joined: 18. February 2011 05:08

Re: Newb: PHP Security

Postby WilliL » 18. February 2011 13:33

you'll find it in file php.ini

approx. line 338

; Safe Mode
; http://php.net/safe-mode
safe_mode = Off

But remember: XAMPP is designed for developement, not as server set for real life!!
Willi
WilliL
 
Posts: 660
Joined: 08. January 2010 10:54
Operating System: Win7Home Prem 64 SP1

Re: Newb: PHP Security

Postby Altrea » 18. February 2011 17:15

Just for info: safe_mode is deprecated since PHP 5.3.0 and will be removed without substitution in PHP 6.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: Newb: PHP Security

Postby Snot » 18. February 2011 21:00

I'm not sure what or if i need to do anything. Right now its showing my php is not secure. What do i need to do to get that fixed?

Thanks
Snot
 
Posts: 6
Joined: 18. February 2011 05:08

Re: Newb: PHP Security

Postby Altrea » 18. February 2011 21:21

The biggest PHP security Issue is the programmer.

In other words: Don't use a weapon you aren't able to control.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: Newb: PHP Security

Postby Snot » 18. February 2011 21:31

I'm on day two of trying to learn php. I don't know anything about it at all. I've been trying to get the test server working for a day and a half lol.

I was giving a php tutorial and one of the first steps is setting up a test server. I'm still working on step one so i'm not sure what I need to do. All i can find out is that php isn't secure. Does that mean someone can hack my computer and delete all my porn or other nasty stuff?

It just seems like since xampp is telling me in red letters that its not secure that I need to do something to make it secure. Am I asking the wrong question? All the answers i'm getting are not helping me fix this security risk.

Thanks for the help. I'm a complete noob.
Snot
 
Posts: 6
Joined: 18. February 2011 05:08

Re: Newb: PHP Security

Postby Altrea » 18. February 2011 21:43

Don't matter on your PHP Security.
Just follow one really basic rule: Don't let your Apache response on external requests!
Means, put your Computer behind a (router)firewall and don't forward ports to that.

If you follow this basic rule, you are safe and you don't have to worry on your PHP security.

But two best practices to support php security in developement:
- Don't activate register_globals function in the php.ini
- your first lines in every Script you write should be these:
Code: Select all
<?php
error_reporting(E_ALL|E_STRICT);
ini_set('display_errors', 1);


These lines are just to show every PHP Message which occure.

But be careful: if you upload your scripts for production, turn off the error reporting!

P.S.: And i recommend you to not turn on safe_mode. It will be removed in PHP 6 like said before and some scripts don't like safe_mode on.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64

Re: Newb: PHP Security

Postby Snot » 18. February 2011 21:46

Cool Thanks for the help!
Snot
 
Posts: 6
Joined: 18. February 2011 05:08

Re: Newb: PHP Security

Postby Altrea » 18. February 2011 21:49

You're welcome. Have fun with all that php stuff :D
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 11926
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 11 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 79 guests