516 CHAPTER 21 SECURE PHP PROGRAMMING

Perhaps the best place to start is with a review of PHP's configuration parameters, because you can take advantage of them right from the very start, prior to doing anything else with the language.

Configuring PHP Securely

PHP offers a number of configuration parameters that are intended to greatly increase PHP's level of security awareness. This section introduces many of the most relevant options.

Note Disabling the register_globals directive aids tremendously in preventing user-initiated attempts to trick the application into accepting otherwise dangerous data. However, because this matter was already discussed in detail in Chapter 3, the same information is not repeated in this chapter.

Safe Mode

Safe mode is of particular interest to those running PHP in a shared-server environment. When safe mode is enabled, PHP verifies that the owner of the executing script matches the owner of the file that the script is attempting to open. This prevents the unintended execution, reading, and modification of files not owned by the executing user, provided that the filesystem permissions are also configured to prevent modification. Enabling safe mode also has other significant effects on PHP's behavior, in addition to diminishing, or even disabling, the capabilities of numerous standard PHP functions. These effects and the numerous safe-mode-related parameters that make up this feature are discussed in this section.

A caveat for anyone reading this on a current PHP release: safe mode was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, and PHP's own documentation describes it as an architecturally incorrect attempt to solve the shared-hosting problem at the PHP level. Isolation between tenants has to come from the operating system and web server instead: a separate OS user per site, PHP-FPM pools (or equivalent) running as those users, open_basedir, and filesystem permissions. The ownership rule described below is still worth understanding, because that is exactly what those OS-level controls need to enforce.

safe_mode (boolean)
Scope: PHP_INI_SYSTEM, Default value: 0

Enabling the safe_mode directive places restrictions on several potentially dangerous language features when using PHP in a shared environment. You can enable safe_mode by setting it to the Boolean value On, or disable it by setting it to Off. Its restriction scheme is based on comparing the UID (user ID) of the owner of the executing script with the UID of the owner of the file that the script is attempting to access. If the UIDs match, the access is permitted; otherwise PHP refuses the operation and emits a warning. Note that the script itself is not terminated by a refused fopen() or file(): the function simply returns false, so code that does not check return values will carry on with bad data. A refused require(), on the other hand, is a fatal error, so in that case the script does stop. Specifically, when safe mode is enabled, several restrictions come into effect:

• Use of all input/output functions (fopen(), file(), and require(), for example) is restricted to files that have the same owner as the script calling them. For example, assuming that safe mode is enabled, if a script owned by Mary calls fopen() and attempts to open a file owned by John, the call will fail. However, if Mary owns both the script calling fopen() and the file passed to fopen(), the attempt will succeed.
• Attempts by a user to create a new file are restricted to directories owned by that user.
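The ownership comparison safe mode performs is easy to see in userland. The following is an added example, not the book's code and not PHP's internal safe-mode implementation: it re-creates the same two rules (an existing file must be owned by the script owner; a file that does not yet exist may only be created in a directory owned by the script owner) with getmyuid() and fileowner(), and, unlike the real safe mode, refuses with an exception rather than a warning plus a false return, so a caller cannot silently continue. The names safe_open and SafeModeViolation are illustrative, and the script assumes a Unix host where /etc/passwd is owned by root.

```php
<?php
// Added example: a userland re-implementation of the owner check that
// safe_mode performed internally. Illustrative only; the function and
// exception names are assumptions, not part of PHP or of the book.

class SafeModeViolation extends RuntimeException {}

/**
 * Open $path only if the owner of the running script also owns the target.
 * For a file that does not exist yet, the rule is applied to the directory
 * it would be created in, matching the second safe-mode restriction above.
 */
function safe_open(string $path, string $mode)
{
    // UID of the owner of the currently executing script (not the web server user).
    $scriptUid = getmyuid();
    if ($scriptUid === false) {
        throw new RuntimeException('cannot determine script owner');
    }

    if (file_exists($path)) {
        $targetUid = fileowner($path);   // UID of the file being accessed
        $what      = "file $path";
    } else {
        // Creating a new file: the parent directory must be ours.
        $dir = dirname($path);
        if (!is_dir($dir)) {
            throw new SafeModeViolation("directory $dir does not exist");
        }
        $targetUid = fileowner($dir);
        $what      = "directory $dir (for new file $path)";
    }

    if ($targetUid === false || $targetUid !== $scriptUid) {
        // Real safe mode printed "SAFE MODE Restriction in effect" and
        // returned false; throwing makes the refusal impossible to ignore.
        throw new SafeModeViolation(sprintf(
            'uid %d may not access %s (owned by uid %s)',
            $scriptUid, $what, $targetUid === false ? '?' : $targetUid
        ));
    }

    $fh = fopen($path, $mode);
    if ($fh === false) {
        throw new RuntimeException("fopen($path, $mode) failed");
    }
    return $fh;
}

// Usage: the script's own file opens; a root-owned file is refused.
// (If you run this as root the second call is allowed too, because the
// UIDs match; that is the same blind spot the real safe mode had.)
try {
    $fh = safe_open(__FILE__, 'r');
    fclose($fh);
    echo "own script: ok\n";

    safe_open('/etc/passwd', 'r');
    echo "/etc/passwd: ok (running as its owner)\n";
} catch (SafeModeViolation $e) {
    echo "refused: " . $e->getMessage() . "\n";
}
```

Run it as an unprivileged user to see the refusal; the point of the example is that the check is purely a UID equality test, which is why it offers nothing against a tenant who can run code as the same OS user, and why per-tenant OS users remain the real control.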