server security

From: Ivan Kwok <ivan_at_mediadefender.com>
Date: Thu, 19 Apr 2007 00:41:14 -0700

Please beware not to leave any backup PHP files on our web server (i.e. *.ph~ files). If you use vi or vim to edit files, by default, it will save a backup copy of the original file. These backup files are not executed by the web server and may reveal parameters like the password for our MySQL database.
Just to be safe, I have configured the web server to block access to backup files with the extensions "bak", "BAK" and "~".
I have also disabled PHP functions like show_source, system, shell_exec, passthru, exec, phpinfo, popen, and proc_open since these functions make the system vulnerable.

-Ivan
Received on Fri Sep 14 2007 - 10:56:06 BST
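
An added example, not part of the original message: a Python audit that checks the two measures described above. It lists files under a web root that end in the three blocked extensions and reports which of the named PHP functions are absent from a php.ini disable_functions line. The function names, the sample directory tree and the php.ini fragment are constructed for illustration.

```python
import os
import re
import tempfile

# Suffixes named in the message, matched case-sensitively as listed there.
BACKUP_SUFFIXES = ("~", ".bak", ".BAK")
# Functions the message says were disabled.
EXPECTED_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                     "exec", "phpinfo", "popen", "proc_open"}


def find_backup_files(web_root):
    """Return sorted paths (relative to web_root) of editor backup files."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.endswith(BACKUP_SUFFIXES):
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, web_root))
    return sorted(hits)


def missing_disabled_functions(php_ini_text):
    """Return expected functions not covered by the disable_functions setting."""
    disabled = set()
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop php.ini comments
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line)
        if m:  # keep the last assignment seen
            value = m.group(1).strip().strip('"')
            disabled = {f.strip() for f in value.split(",") if f.strip()}
    return sorted(EXPECTED_DISABLED - disabled)


def demo():
    """Run both checks on constructed sample data."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        for rel in ("index.php", "config.php~", "admin/db.php.bak", "old.BAK"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php /* constructed sample */ ?>\n")
        ini = ("; constructed php.ini fragment\n"
               "disable_functions = system, exec,passthru, phpinfo\n")
        return find_backup_files(root), missing_disabled_functions(ini)


if __name__ == "__main__":
    print(demo())
```

Any path the first check returns should be removed from the web root, and any name the second check returns should be added to disable_functions.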

This archive was generated by hypermail 2.2.0 : Sun Sep 16 2007 - 22:19:48 BST