linux poison RSS
linux poison Email

Get Security Information about your PHP environment - PhpSecInfo

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

 * It is not a replacement for secure coding practices
 * It does not audit PHP code
 * It is not comprehensive test for either your hosting environment or your web application
 * It is not the "final word."  PHPSecInfo identifies *potential* problems and offers suggestions for improvement.

Installation and using phpsecinfo:
Download PhpSecInfo from here, Uncompress and upload the contents of the archive to your web server's document root.

Open a browser and view the index.php file where you've uploaded the files (probably something like http://www.yourdomain.com/phpsecinfo/index.php) and you should see something similar to ...


If you are getting any warning or notice, you should read the explanation of the result carefully.  Research the issue on-line on resources like the php.net official docs and the PHP Security Guide are very useful. Investigate why your environment is set up in such a way. If there's not a compelling reason to keep it as-is, you should probably try to rectify it and run the PhpSecInfo tests again.



0 comments:

Post a Comment

Related Posts with Thumbnails