|
|
Posted by C. (http://symcbean.blogspot.com/) on 01/13/08 11:51
On 12 Jan, 18:15, firewood...@yahoo.com wrote:
> I am trying to secure sites I am developing, and I am especially
> concerned about intruders gaining command-line access to my sites by
> penetrating my PHP code. I have no idea how someone would do that.
>
> My sites are in a shared hosting environment, and I know that is an
> intrinsically insecure situation. I guess I will just have to live
> with it. However, what methods would someone visiting my site use to
> get to the command line, without having an account on the same server?
> How can I guard against such intrusions?
These might be helpful as an introduction to PHP security:
http://www.owasp.org/index.php/PHP_Top_5
http://shiflett.org/
http://www.hardened-php.net/
But as you observed, with a hosted server, indeed a *shared* hosted
server, you don't have any real security.
C.
Navigation:
[Reply to this message]
|