orange08 Posted April 13, 2009 Share Posted April 13, 2009 hi, i'm a newbie in both php and MySQL... and this is the first time i'm building a website...so, can you experts here give me some tips on security that i need to take care by using php and MySQL? thx! Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/ Share on other sites More sharing options...
Maq Posted April 13, 2009 Share Posted April 13, 2009 Take a look at the phpfreaks tutorial: PHP Security. Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-808554 Share on other sites More sharing options...
orange08 Posted April 21, 2009 Author Share Posted April 21, 2009 Take a look at the phpfreaks tutorial: PHP Security. thanks for the tutorial, i have read it a few times, but for my poor english as well as new to php, i found myself quite hard to understand it. so, hope that you guys here can continue to guide me through this hard process, as security is quite important for a website... for the error reporting part, the first issue mentioned in the tutorial... it mentioned that we should not display out our error for our user, but we must keep those error in a log file, so we can check and fix it. and it can be accomplished by setting the directives in configuration file called .htaccess...i have found this file in my hosting. when open it, i only has this line: Options -Indexes so, i would like to know is that the directives are set here? Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-815241 Share on other sites More sharing options...
orange08 Posted April 22, 2009 Author Share Posted April 22, 2009 really need help here, i'm really can't figure it out... :'( Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816299 Share on other sites More sharing options...
Yesideez Posted April 22, 2009 Share Posted April 22, 2009 If you're having severe problems understanding it I suggest a good way to learn would be asking for help with security when you post questions asking for help with code. Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816304 Share on other sites More sharing options...
orange08 Posted April 22, 2009 Author Share Posted April 22, 2009 If you're having severe problems understanding it I suggest a good way to learn would be asking for help with security when you post questions asking for help with code. thank you for your reminder, but for this part, it's not concern the code, but where to set the directives according to the tutorial(as i have no basic and still very new, so i just try to follow whatever from the tutorial...seem got something that can't understand then try to asking help here) Apache has some configuration files called.htaccess where you can configure Apache directives for the particular folder (and sub-folders) the files is located in. Some hosts do not allow you to use this, but if you can then the PHP module has a directive called phpflag which allows you to set PHP directives. You simply do it like this: php_flag directive_name directive_value so, the problem is i can't confirm where to put this code php_flag display_errors off php_flag error_reporting 8191 php_flag log_errors on php_flag error_log /home/someone/logs/php_errors.lo Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816309 Share on other sites More sharing options...
Yesideez Posted April 22, 2009 Share Posted April 22, 2009 To be honest there are so many issues when it comes to security that I don't think it is a good idea worrying too much about this right now because you say you're new to PHP and MySQL. I would learn PHP and MySQL and as you feel confident start asking for help with security. That second chunk you posted needs to be placed inside the .htaccess file at the root of your public area web space (usually public_html or similar) Once there if you can still access your web space things should have worked. Just be sure to replace the "someone" in the last line with a valid full path on your web space. Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816312 Share on other sites More sharing options...
orange08 Posted April 22, 2009 Author Share Posted April 22, 2009 To be honest there are so many issues when it comes to security that I don't think it is a good idea worrying too much about this right now because you say you're new to PHP and MySQL. I would learn PHP and MySQL and as you feel confident start asking for help with security. yup, i understand that this security issues is not something that easy to deal with, especially as a newbie like me, but my case is while learning, i'm setting up a website, so i must take care of it in this stage...so, really really need you all kindly guys to give me a hand. That second chunk you posted needs to be placed inside the .htaccess file at the root of your public area web space (usually public_html or similar) Once there if you can still access your web space things should have worked. Just be sure to replace the "someone" in the last line with a valid full path on your web space. ya, i found this .htaccess file inside public_html, under cgi-bin folder... as i have mentioned in the previous post, when i open this file, there is only this line there Options -Indexes so, is that correct to paste those code here? how about the above line? just leave it there? about the path, is that it defines the log file path in our webspace, to keep the occurred error? thanks! Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816319 Share on other sites More sharing options...
Yesideez Posted April 22, 2009 Share Posted April 22, 2009 I don't think it matters where you place it in this case but it's good practice to not disturb what's already there by placing anything new at the end of the file and separate additional chunks with a blank line. Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816321 Share on other sites More sharing options...
orange08 Posted April 22, 2009 Author Share Posted April 22, 2009 I don't think it matters where you place it in this case but it's good practice to not disturb what's already there by placing anything new at the end of the file and separate additional chunks with a blank line. again, sorry for my poor english... you meant you are not recommend to put something new in that .htaccess file? or you meant just leave Options -Indexes at the original place, then paste my directives setting code at the below, after a blank line? Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816325 Share on other sites More sharing options...
Yesideez Posted April 22, 2009 Share Posted April 22, 2009 Yes. Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816330 Share on other sites More sharing options...
orange08 Posted April 22, 2009 Author Share Posted April 22, 2009 Yes. sorry, your 'yes' is refer to which case? i have mentioned two cases in my post... is that this case? you meant you are not recommend to put something new in that .htaccess file? or this case? or you meant just leave Options -Indexes at the original place, then paste my directives setting code at the below, after a blank line? thanks! Quote Link to comment https://forums.phpfreaks.com/topic/153848-php-website-security/#findComment-816334 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.