Author: WHEN Albert PHP is running as an Apache module, Apache's security plays a leading role. Therefore, if the configuration is correct, PHP should be a very secure environment, however, If PHP runs in CGI mode, it is not so secure. The operations mentioned in this article are applicable to both Unix and Windows. 1. Run as an Apache module. Generally, Apache runs as a "nobody" or "www". Therefore, PHP is safe as a module. If PHP is in a VM environment, users may be at risk of browsing other user files. A simple script is as follows: // assume that the root of the document is in/usr/local/websites/mydomain $ location = .. // go to the upper-level directory $ parent = dir ($ location); // display the current directory: /usr/local/websites while ($ entry = $ parent-> read () {echo $ entry .;} $ parent-> close ();?> In this way, you only need to modify $ location to view all the files of other users on the VM. To reduce this risk, we need to take a look at php. ini: Modify the safe_mode, doc_root, and usr_dir parameters to restrict users to their own virtual host environment: safe_mode = On doc_root =/usr/local/apache/htdocs user_dir =/home/Albert TXU/htdocs 2. be careful when running PHP in CGI Mode as CGI, it may expose information that you do not want to know. The first thing to note is to place the execution file outside the root directory of the document. For example,/usr/local/bin. Therefore, all CGI files must start :#! /Usr/local/bin/php to prevent the user from directly calling CGI is to force CGI redirection in Apache: Action php-script/cgi-bin/php. cgi AddHandler php-script. php will convert the following URL http://example.com/mywebdir/test.htm to: When the http://example.com/cgi-bin/php/mywebdir/test.htm is compiling PHP in CGI Mode, it is best to use the following options: -- enable-force-cgi-redirect this article discusses the security of PHP, detailed security information can refer to the PHP home manual on the security of the http://www.php.net/manual/en/security.php that chapter.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
