open_basedir, disable_classess, disable_functions and safe_mode are the directive used to improve the security while on shared hosting environment.
- When you are using shared server always set open_basedir to your root directory in php.ini.
- This directive allows you to disable certain classes for security reasons. It takes on a comma-delimited list of class names. disable_classes is not affected by Safe Mode. This directive must be set in php.ini
- This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_ functions is not affected by Safe Mode. This directive must be set in php.ini.
- safe_mode should be off.
- display_errors should be off, so that end user can see guess the code, when error come in website
- log_errors should be on, so that you can check, if some one try to access your site or any page to whom not authorization.
- allow_url_fopen include should be off. allow_url_fopen enables the URL-aware fopen wrappers that enable accessing the files from remote server. allow_url_include allows the use of URL-aware fopen wrappers with the following functions: include, include_once, require, require_once (remote add files).
- magic quotes (magic_quotes_gpc, magic_quotes_runtime) should be off. It will avoid to add the extra slahes (avoid to call addslashes function).
- register_globals must be off. Take for example this URL, http://yoursite.com/index.php?var=1, which includes a query string. The register_globals statement allows us to access the value with $var instead of $_GET['var'] automatically.
- system(), passthru() and exec() functions must be disable all of which allow a string to be run as a command on the operating system shell.
