PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP works on both Linux and Windows servers, and it helps in maintaining user accounts and the server. I will describe some features for locking down and securing PHP. First, all of these settings are made by editing php.ini, the main configuration file for PHP. You can do it in the following way:
Turn On Safe Mode:
Safe mode is an easy way to safeguard your server and restrict the functions that scripts can use. With PHP safe mode you can work around the security problems that arise on a shared server. Although it is not good practice to solve this security problem at the PHP level, the features at the web server and OS level are not very dependable, so many webmasters prefer to use safe mode. I also suggest using safe mode if you are working in a shared environment. It will help you keep your data safe and untouched.
Example:
safe_mode = On
Disable Unsafe PHP Functions:
Through PHP your server can be used to interfere with other servers, and there is a danger that someone can hack your account and get root. Many users rely on insecure PHP scripts to get entry to your server, run dangerous commands, and take control of it. The disable_functions directive switches off the functions listed in it.
Example:
disable_functions = phpinfo,eval,system,shell_exec,passthru,popen
Turn Off Register Globals:
With register_globals on, anybody can introduce variables into your scripts, for example through HTML forms, which is very easy in a PHP environment. Because PHP does not require variable initialization, it is easy to write insecure code. Internal variables get mixed with data sent by users. Many people do not know where this unwanted data comes from or how it gets mixed with their variables.
Example:
register_globals = Off
Use PHPsuexec:
A big problem with PHP on cPanel servers is that it runs as the user nobody. If a user sets a script to 777 permissions, the nobody user has the right to use that file. Any other user sharing the same server who writes a script to search for 777 files can then also get access to the file, very easily insert unwanted material into your data, and remain unknown. Safe mode does not help with access to other users' files. This is where PHPsuexec helps: it maintains privacy and stops one user from getting at another user's files. With PHPsuexec you can also very easily trace a person who is sending spam through your mail.
With the settings explained above you can easily protect PHP on a shared server. There is one more method for protecting your files so that another user cannot read them or use them for spamming: open_basedir protection.
Enable open_basedir:
When the open_basedir parameter is enabled, PHP is able to access only those files that are placed in the specified directories (and their subdirectories).
Example:
open_basedir = /var/www/html
Turn Off display_errors:
If the display_errors parameter is turned off, PHP errors and warnings are not displayed. Because such warnings often reveal valuable information like path names, SQL queries, etc., it is strongly recommended to turn this parameter off on production servers.
Example:
display_errors = Off
Turn On log_errors:
When log_errors is turned on, all warnings and errors are logged to the file specified by the error_log parameter. If this file is not accessible, information about warnings and errors is logged by the Apache server.
Example:
log_errors = On
Error log filename:
This parameter specifies the name of the file that will be used to store information about warnings and errors (attention: this file must be writable by the user or group apache).
Example:
error_log = filename
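
To check an existing php.ini against all of the settings recommended above, the following is an added example (not code from the original article) that parses the file's text and reports every directive that deviates. The names parse_ini, audit and SAMPLE are this example's own, and it assumes an unset directive should be reported, because the built-in default depends on the PHP version.

```python
import re

# Expected values come from the recommendations in this article. Note that
# safe_mode and register_globals exist only in PHP releases before 5.4.0.
EXPECTED_BOOL = {"safe_mode": True, "register_globals": False,
                 "display_errors": False, "log_errors": True}
MUST_DISABLE = {"phpinfo", "eval", "system", "shell_exec", "passthru", "popen"}
MUST_BE_SET = ("open_basedir", "error_log")
TRUE_WORDS = {"1", "on", "yes", "true"}  # values php.ini treats as "On"

# Constructed sample for illustration, not a real server's configuration.
SAMPLE = """\
[PHP]
safe_mode = Off
register_globals = On   ; legacy application
display_errors = On
log_errors = On
disable_functions = "phpinfo, system,shell_exec"
open_basedir =
error_log = /var/log/php_errors.log
"""

def parse_ini(text):
    """Return {directive: value}; names are case sensitive, last one wins."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))', line)
        if m:  # comments, section headers and blank lines do not match
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1)] = value.strip()
    return settings

def audit(text):
    """Return sorted findings where text deviates from the article's settings."""
    s, findings = parse_ini(text), []
    for name, want in EXPECTED_BOOL.items():
        got, label = s.get(name), "On" if want else "Off"
        if got is None:
            findings.append(f"{name}: not set explicitly, expected {label}")
        elif (got.lower() in TRUE_WORDS) != want:
            findings.append(f"{name}: is {got}, expected {label}")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    if missing := sorted(MUST_DISABLE - disabled):
        findings.append("disable_functions: missing " + ",".join(missing))
    findings += [f"{n}: not set explicitly" for n in MUST_BE_SET if not s.get(n)]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real file, pass its contents to audit(), for example audit(open(path).read()), where path is the location of the server's php.ini.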