How to secure your php.ini

PHP is a fantastic language and is perfect for you dynamic mySQL driven site, but the flexibility of it at the same time makes it vulnerable for external expoits. Here are a few tips of how to secure your php.ini !

Edit our php.ini by logging into shell with root :



pico /usr/lib/php.ini



And change the line:



disable_functions =


to:


disable_functions = exec, shell_exec, system, passthru,popen, virtual, show_source, readfile, pclose



another thing you could change is


safe_mode = Off

to

safe_mode = On




another thing you could disable is

enable_dl=On


change to


enable_dl=Off



More in the forum http://wiredgorilla.com/main/ftopicp-31.html

Spread the love
blank