[Translation] PHP Security Tips (Part 1)
formation that may give intruders hints to the structure of your system. By default, display_errors = On.
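The check described in this tip, written as an added example (it is not part of the original tip, of PHP, or of PHPSecInfo): a small Python audit that reads php.ini text and reports whether errors would still be displayed. The function names `effective_settings` and `audit` and the sample ini text are constructed for illustration; it assumes a single php.ini with no per-directory overrides, and it also checks `display_startup_errors`, which the tip does not mention.

```python
import re

# The tip states that display_errors is On unless php.ini overrides it.
DEFAULTS = {"display_errors": "on"}
# display_startup_errors is checked too (an addition beyond the tip).
WATCHED = ("display_errors", "display_startup_errors")
# Values PHP's ini parser treats as boolean false.
FALSY = {"", "0", "off", "false", "no", "none"}

def effective_settings(ini_text):
    """Return the value each watched directive ends up with."""
    seen = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"([A-Za-z_.]+)\s*=\s*(.*)$", line)
        if not m:
            continue  # blank line, [section] header, or not an assignment
        key = m.group(1)  # directive names are case sensitive
        value = m.group(2).strip().strip("\"'").lower()
        if key in WATCHED:
            seen[key] = value  # a later assignment overrides an earlier one
    return seen

def audit(ini_text):
    """Return {directive: value} for every setting that still displays errors."""
    return {k: v for k, v in effective_settings(ini_text).items()
            if v not in FALSY}

# Constructed sample files, not taken from any real server.
DEV_INI = """[PHP]
display_errors = On
display_startup_errors = On
"""
PROD_INI = """[PHP]
display_errors = On   ; left over from a development template
display_errors = Off  ; this later line is the one that applies
display_startup_errors = "0"
"""

if __name__ == "__main__":
    for name, text in (("dev", DEV_INI), ("prod", PROD_INI), ("empty", "")):
        print(name, audit(text) or "OK: errors are not displayed")
```

An empty file is reported as a finding because, as the tip says, the directive is On when nothing overrides it.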
You can find more information and error reporting options in the manual's Error Handling and Logging Functions Introduction section.

------------------------------------------------------------------------------

PHP Security Tip #2 (translation)

Relying on hidden information for security does not fundamentally make you secure (Security by obscurity is no security at all.), but on the other hand you do not want to leak information about your site either. Today's tip is simple, yet it is often overlooked in production environments.

Never display error messages or other information that could leak details about your site.

Simply setting display_errors = Off in the php.ini of your production server prevents leaking information about your system's structure that would give intruders an opening. The default setting is display_errors = On.

You can find more information and error reporting options in the Error Handling and Logging Functions introduction section of the manual.

------------------------------------------------------------------------------

PHP Security Tip #3
Cal Evans (editor) | 1 comment | Monday, March 5, 2007

Being Security conscious is a good thing but that alone won’t solve the problem. Developers have to be vigilant when it comes to security. Even then you can’t do it alone. Today’s Security tip reminds you of this.

Since your application may be harboring security vulnerabilities that you have not been exposed to, third-party security software or services should be considered to help bring a fresh perspective and find overlooked weaknesses.

As a developer you should have tools in your toolbox that will help you find security vulnerabilities in your applications. Tools like Chorizo will help you by performing automated scans of your code. Programs like PHPSecInfo will help you ensure that your environment is configured properly. Using tools like these and other scanning tools should not be the only thing you do to ensure security. They are, however, an important part of the mix. Let trusted projects and vendors help you build and maintain secure applications.

------------------------------------------------------------------------------

PHP Security Tip #3 (translation)

Being security-aware is a good thing, but that by itself does not solve the problem. Developers must stay vigilant about security at all times, and even that is not enough. Today's security tip is a reminder:

Because your application may contain many security weaknesses you have not yet discovered, third-party security software or services can give you a clear view of the application and find overlooked shortcomings.

As a developer, your toolbox should include tools that help detect security weaknesses in your applications. Tools like Chorizo automatically scan your code to find problems, while programs like PHPSecInfo make sure your environment is configured correctly. Using these tools or other scanners is not enough on its own to guarantee security, but they are an important part of the overall mix of measures. Trustworthy projects and vendors will help you build and maintain secure applications.

------------------------------------------------------------------------------

PHP Security Tip #4
Cal Evans (editor) | 7 comments | Tuesday, March 6, 2007

“Security through obscurity is no security at all.” so the adage goes. However, the flip side of that coin is, obscurity, wh