How to turn off register_globals via php.ini?

kurinchilamp — Thu, 16 Jul 2009 13:54:06 +0000

It is always secured to turn OFF register_globals in PHP applications. Earlier, we have seen how to turn OFF register_globals setting via .htaccess file and in this blog we will use php.ini instead.

Using a text editor create a file called php.ini. This will be our first step.

Next, we need to add the following line of code in php.ini
register_globals = off

Upload php.ini file to the root folder where your application resides.

PHP Security: Hiding Program Extensions

kurinchilamp — Thu, 14 May 2009 10:59:54 +0000

Obfuscating Scripting Language Extension in PHP is one of the technique that is effective to a certain extent in delaying the unscrupulous act of an active hacker. Following are few simple techniques used for hiding the program extensions.

i) Hiding program extension using .htaccess
ii) Hiding program extension using php.ini
iii) Hiding program extension using apache directive configuration

Hiding the program extension using .htaccess

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.do

Hiding the program extension using php.ini
Set expose_php = off in your php.ini file to hide php extensions and programmatically drive the navigation through your programs.

Hiding the program extension through Apache configuration
ForceType application/x-httpd-php

To make PHP extension look like other program coding, you can add a setting to Apache’s httpd.conf file like …
AddType application/x-httpd-php .asp .aspx .pl .jsp

Depending on the facilities available in your environment, you can choose one of the technique mentioned here. PHP Framework Codeigniter relies on .htaccess to implement program obscurity and CakePHP has its routing algorithm to achieve this purpose.

Kurinchi Blogger Scribbles ... » PHP security

How to turn off register_globals via php.ini?

PHP Security: Hiding Program Extensions