Friday 22 May 2015

Shared Server Security Risk open_basedir disable_functions disable_classes

How to secure a website on a shared server


There are a variety of security issues that arise when using shared hosting solutions. Three php.ini directives remain important on shared hosting:

open_basedir : The open_basedir directive provides the ability to limit the files that PHP can open
to a specified directory tree. When PHP tries to open a file with, for example, fopen()
or include, it checks the location of the file. If it exists within the directory tree
specified by open_basedir, then it will succeed; otherwise, it will fail to open the file.

disable_functions : You can disable functions such as exec, passthru, shell_exec, system, etc. for security purposes.

disable_classes : You can disable classes such as DirectoryIterator and Directory for security purposes.


You may set the open_basedir directive in php.ini OR on a per-virtual-host basis in httpd.conf. In the following httpd.conf virtual host example, PHP scripts may only open files located in the /home/user/www and /usr/local/lib/php directories.

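<VirtualHost *:80>
    DocumentRoot "/home/user/www"
    ServerName zf11.localhost
    # Restrict PHP file access for this virtual host (requires mod_php).
    # php_admin_value cannot be overridden from .htaccess or ini_set().
    php_admin_value open_basedir "/home/user/www:/usr/local/lib/php"
    <Directory "/home/user/www">
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>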
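
To confirm that the three directives are actually in effect for a site, the script below reads their values and reports what is still open. It is an added example, not code from the original post; the names `RISKY_FUNCTIONS`, `RISKY_CLASSES`, `ini_list()` and `audit_shared_host()` are hypothetical, and the function and class lists are the ones named in this post.

```php
<?php
// Added example: audit open_basedir, disable_functions and disable_classes.
// The names checked here are the examples given in the post, not a full list.
const RISKY_FUNCTIONS = ['exec', 'passthru', 'shell_exec', 'system'];
const RISKY_CLASSES   = ['DirectoryIterator', 'Directory'];

/** Split a comma-separated ini value into trimmed, lower-cased names. */
function ini_list(string $value): array
{
    $names = array_map('trim', explode(',', strtolower($value)));
    return array_values(array_filter($names, 'strlen'));
}

/** Return human-readable findings for the given directive values. */
function audit_shared_host(string $openBasedir, string $disabledFns, string $disabledClasses): array
{
    $findings = [];
    if (trim($openBasedir) === '') {
        $findings[] = 'open_basedir is not set: PHP can open any file the web server user can read';
    } else {
        // Entries are separated by ":" on Unix and ";" on Windows.
        foreach (explode(PATH_SEPARATOR, $openBasedir) as $dir) {
            if ($dir === '/' || preg_match('#^[A-Za-z]:[\\\\/]?$#', $dir)) {
                $findings[] = "open_basedir entry '$dir' covers the whole filesystem";
            }
        }
    }
    // Function and class names are case-insensitive in PHP, so compare lower-cased.
    foreach (array_diff(RISKY_FUNCTIONS, ini_list($disabledFns)) as $fn) {
        $findings[] = "function $fn() is not listed in disable_functions";
    }
    $classes = ini_list($disabledClasses);
    foreach (RISKY_CLASSES as $class) {
        if (!in_array(strtolower($class), $classes, true)) {
            $findings[] = "class $class is not listed in disable_classes";
        }
    }
    return $findings;
}

// Audit the configuration this script is actually running under.
$findings = audit_shared_host(
    (string) ini_get('open_basedir'),
    (string) ini_get('disable_functions'),
    (string) ini_get('disable_classes')
);
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : 'No findings' . PHP_EOL;
```

Request the script through the virtual host rather than running it with the command-line `php` binary: the CLI can load a different php.ini and never sees `php_admin_value` settings from httpd.conf.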