linux poison RSS
linux poison Email

Get Security Information about your PHP environment - PhpSecInfo

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

 * It is not a replacement for secure coding practices
 * It does not audit PHP code
 * It is not comprehensive test for either your hosting environment or your web application
 * It is not the "final word."  PHPSecInfo identifies *potential* problems and offers suggestions for improvement.

Installation and using phpsecinfo:
Download PhpSecInfo from here, Uncompress and upload the contents of the archive to your web server's document root.

Open a browser and view the index.php file where you've uploaded the files (probably something like and you should see something similar to ...

If you are getting any warning or notice, you should read the explanation of the result carefully.  Research the issue on-line on resources like the official docs and the PHP Security Guide are very useful. Investigate why your environment is set up in such a way. If there's not a compelling reason to keep it as-is, you should probably try to rectify it and run the PhpSecInfo tests again.


Post a Comment

Related Posts with Thumbnails