marcleo

asked on

PHP security using php5.ini

Hi, I recently downloaded phpsecinfo (from http://phpsec.org/projects/phpsecinfo/) to obtain security information about my server. I have one warning concerning force_redirect (http://www.onlineboosterclub.com/phpsecinfo/phpsecinfo/index.php).

I am using a php5.ini file to make changes. I have set the following configurations and none work:

force_redirect = on
force_redirect = 1
cgi.force_redirect = on
cgi.force_redirect = 1

Please help me determine the correct input for this line. Also, should I be concerned with any of the yellow notices that appear? I do require file upload capability.
Ray Paseur

Is php5.ini the right file name?  Usually this is php.ini
Looking at this page,...
http://www.phpbuilder.com/manual/security.cgi-bin.force-redirect.php

I wonder if you are running PHP through a cgi setup?  If not, this version of force-redirect would seem inapplicable.
Also, this page has some useful information.  Looks like the option is going away with PHP 5.3+
Session save path might be worth looking at, if you're on a shared server and do not trust your neighbors.  I would not be able to run my applications without allowing URL opens, etc.  This may be a "security" issue, but it only manifests if your PHP code is not written correctly.  If you follow the common mantra of Filter Input Escape Output you will almost certainly have no trouble at all.

Best regards, ~Ray
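
An added diagnostic, not part of the original thread or any participant's code, for the two questions raised above: whether PHP is actually running through the CGI binary, and whether the ini file being edited is one PHP loaded. The function names `ini_flag_enabled` and `force_redirect_report` are illustrative, and the script uses `array()` syntax so it also runs on PHP 5.2.

```php
<?php
// Added diagnostic example; function names are illustrative.
// Upload, request once, then delete: the output discloses server paths.

// Interpret an ini value the way PHP treats boolean directives.
function ini_flag_enabled($value)
{
    if ($value === false || $value === null) {
        return false;
    }
    return in_array(strtolower(trim((string) $value)), array('1', 'on', 'yes', 'true'), true);
}

function force_redirect_report()
{
    $sapi      = php_sapi_name();
    $is_cgi    = in_array($sapi, array('cgi', 'cgi-fcgi'), true);
    $effective = ini_get('cgi.force_redirect');     // false when this SAPI does not register it
    $from_file = get_cfg_var('cgi.force_redirect'); // value read from loaded ini files, false if absent

    if (!$is_cgi) {
        $verdict = 'Not applicable: PHP is not running as the CGI binary.';
    } elseif (ini_flag_enabled($effective)) {
        $verdict = 'OK: cgi.force_redirect is enabled.';
    } elseif ($from_file === false) {
        $verdict = 'Disabled, but no loaded ini file sets it; compare the ini paths below with the file you edited.';
    } else {
        $verdict = 'Disabled by a loaded ini file (value: ' . var_export($from_file, true) . ').';
    }

    return array(
        'SAPI'                         => $sapi,
        'Loaded ini file'              => var_export(php_ini_loaded_file(), true),
        'Additional scanned ini files' => var_export(php_ini_scanned_files(), true),
        'Value in ini file(s)'         => var_export($from_file, true),
        'Effective value'              => var_export($effective, true),
        'Verdict'                      => $verdict,
    );
}

if (!headers_sent()) {
    header('Content-Type: text/plain');
}
foreach (force_redirect_report() as $label => $value) {
    echo $label, ': ', $value, "\n";
}
```

If "Value in ini file(s)" is `false` while the directive is present in the file you edited, PHP did not read that file; the "Loaded ini file" line shows which one it did read.
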
marcleo

ASKER

php5.ini has worked for all of the other lines. This page (http://community.godaddy.com/help/article/1085) says to use php5.ini when using PHP 5.

I am running PHP Version 5.2.8.

Thanks for your help.
ASKER CERTIFIED SOLUTION
Ray Paseur