php manual PHP Manual - security.intro

PHP, short for "PHP: Hypertext Preprocessor", is an open-source, reflective programming language used mainly for developing server-side applications and dynamic web content, and more recently, other software.

PHP allows interaction with a large number of relational database management systems, such as MySQL, Oracle, IBM DB2, Microsoft SQL Server, PostgreSQL and SQLite. PHP runs on most major operating systems, including UNIX, Linux, Windows, and Mac OS X, and can interact with many major web servers. The official PHP website contains extensive documentation.

There is a command line interface, as well as GUI libraries such as the Gimp Tool Kit (GTK+) and text mode libraries like Ncurses and Newt.

PHP is the result of the efforts of many contributors. It is licensed under the PHP License, a BSD-style license. Since version 4, it has been powered by the Zend engine.

kup tanio wakacje Chorwacji, classic muscle cars, Katalogi SEO,, wynajem Mercedes Benz,, tani profesjonalny hosting, codecademy,


Chapter 22. Introduction

PHP is a powerful language and the interpreter, whether included in a web server as a module or executed as a separate CGI binary, is able to access files, execute commands and open network connections on the server. These properties make anything run on a web server insecure by default. PHP is designed specifically to be a more secure language for writing CGI programs than Perl or C, and with correct selection of compile-time and runtime configuration options, and proper coding practices, it can give you exactly the combination of freedom and security you need.

As there are many different ways of utilizing PHP, there are many configuration options controlling its behaviour. A large selection of options guarantees you can use PHP for a lot of purposes, but it also means there are combinations of these options and server configurations that result in an insecure setup.

The configuration flexibility of PHP is equally rivalled by the code flexibility. PHP can be used to build complete server applications, with all the power of a shell user, or it can be used for simple server-side includes with little risk in a tightly controlled environment. How you build that environment, and how secure it is, is largely up to the PHP developer.

This chapter starts with some general security advice, explains the different configuration option combinations and the situations they can be safely used, and describes different considerations in coding for different levels of security.