Using rename_function() for security purposes

[roopurt18]

I'm curious if anyone has used PHP's rename_function() to increase security for their site.  Apache can be set to execute scripts before and after every request, so why not rename certain functions, such as mysql_query(), to company specific names that only the developers know.  Then you could create a new mysql_query() function that logs user information.

 

Does anyone else think that could help increase site security?

[redbullmarky]

i'd be more worried about holes that allow running of scripts anyway, but i can appreciate that it does happen.

[roopurt18]

I completely agree; however, it's impossible to make a site completely secure.  The best we can hope for is to make it difficult enough that only the most clever individuals can bypass security measures.

 

The suggestion I started this topic with would really only be used in the more extreme situations, such as protecting bank or credit card information IMO.

[448191]

Most security issues are caused by input, these aren't circumvented by changing function names. The only scenario in which it may be useful is code injection, but I'm afraid renaming a few functions won't do you any good if an attacker can inject arbitrary code.