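| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| .. | 03-May-2022 | - | | |
| PhpSecInfo/ | 03-May-2022 | - | 2,857 | 1,445 |
| docs/ | 03-May-2022 | - | 178 | 144 |
| CHANGELOG | 05-Apr-2007 | 3.6 KiB | 70 | 62 |
| LICENSE | 05-Apr-2007 | 1.3 KiB | 10 | 6 |
| README | 05-Apr-2007 | 2.5 KiB | 87 | 59 |
| index.php | 05-Apr-2007 | 748 | 31 | 4 |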
README

## PHPSECINFO

_see LICENSE for copyright and license info_

Mailing List for bug reports, feedback, etc:
http://lists.phpsec.org/mailman/listinfo/phpsecinfo


### WHAT IS PHPSECINFO?
PHPSecInfo is a PHP environment security auditing tool modeled after the
phpsecinfo() function.  From a single function call, PHPSecInfo runs a
series of tests on your PHP environment to identify potential security
issues and offer suggestions.  It can be useful as part of a multilayered
security approach.


#### WHAT IS PHPSECINFO NOT?
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment
  or your web application
* It is not the "final word."  PHPSecInfo identifies *potential* problems
  and offers suggestions for improvement.  Your environment may _require_
  certain settings that trigger cautions or warnings.


### HOW DO I USE PHPSECINFO?

The simplest way:

* Uncompress and upload the contents of the archive to your web server's
  document root
* Open a browser and view the index.php file where you've uploaded the files
  (probably something like http://www.yourdomain.com/phpsecinfo/index.php)


### WHAT DO I DO IF I GET A NOTICE OR WARNING?

Read the explanation of the result carefully.  Research the issue on-line
-- resources like the php.net official docs and the PHP Security Guide are
very useful.  Investigate why your environment is set up in such a way.  If
there's not a compelling reason to keep it as-is, you should probably

A by no means comprehensive list of resources to get you started:

Web Sites:
http://www.php.net/manual/en/security.php
http://phpsec.org/projects/guide/

Books:
http://phparch.com/pgps
http://phpsecurity.org/
http://apachesecurity.net/


### HOW CAN I CUSTOMIZE THE OUTPUT OF PHPSECINFO?

PHPSecInfo is intended to be used as a self-contained tool.  However, you
can obtain the test results in an array and then present this data in your
preferred format.

Example:
<code>
<?php
require_once('PhpSecInfo/PhpSecInfo.php');

// instantiate the class
$psi = new PhpSecInfo();

// load and run all tests
$psi->loadAndRun();

// grab the results as a multidimensional array
$results = $psi->getResultsAsArray();

// dump the array for inspection, escaped so no value is rendered as markup
echo "<pre>"; echo htmlspecialchars(print_r($results, true)); echo "</pre>";

// grab the standard results output as a string
$html = $psi->getOutput();

// send it to the browser
echo $html;
</code>
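
A plain-text rendering of the results array, as an added example that is not part of the PHPSecInfo README or code base. The helper name `psi_flatten` is hypothetical, and the `message` and `result` keys are assumptions about the array layout, which this README does not document; inspect the `print_r` output from the example above and adjust the key names to match.

```php
<?php
// Added example (not PHPSecInfo's own code): plain-text report of the results.
// ASSUMPTION: a single test result is an array with a scalar 'message' and an
// optional scalar 'result' status; the README does not document the layout.

// Hypothetical helper: walk the nested array and return path => test entry.
function psi_flatten(array $node, $path = '')
{
    if (isset($node['message']) && !is_array($node['message'])) {
        return array($path => $node);
    }
    $found = array();
    foreach ($node as $key => $child) {
        if (is_array($child)) {
            $found += psi_flatten($child, ltrim($path . '/' . $key, '/'));
        }
    }
    return $found;
}

if (PHP_SAPI !== 'cli') {
    // Plain text: nothing from the results is interpreted as markup.
    header('Content-Type: text/plain; charset=utf-8');
}

require_once('PhpSecInfo/PhpSecInfo.php');
$psi = new PhpSecInfo();
$psi->loadAndRun();

foreach (psi_flatten($psi->getResultsAsArray()) as $test => $entry) {
    $hasStatus = isset($entry['result']) && is_scalar($entry['result']);
    $status = $hasStatus ? $entry['result'] : '?';
    // Strip any markup and collapse whitespace so each test fits on one line.
    $text = strip_tags((string) $entry['message']);
    $message = trim(preg_replace('/\s+/', ' ', $text));
    printf("%-40s [%s] %s\n", $test, $status, $message);
}
```

When run with the command-line `php` binary, the tests reflect the CLI configuration, which often loads a different php.ini than the web server does.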


### HOW CAN I OFFER FEEDBACK, REPORT BUGS, COMPLAIN, ETC.?

The best way is to subscribe to and post on the PHPSecInfo Mailing List:

http://lists.phpsec.org/mailman/listinfo/phpsecinfo