Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/funkatron/phpsecinfo
PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement.
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/funkatron/phpsecinfo
- Owner: funkatron
- License: other
- Created: 2009-02-11T03:26:44.000Z (almost 16 years ago)
- Default Branch: master
- Last Pushed: 2011-09-11T16:13:45.000Z (about 13 years ago)
- Last Synced: 2024-10-12T07:43:08.409Z (about 1 month ago)
- Language: PHP
- Homepage: http://phpsecinfo.com
- Size: 318 KB
- Stars: 46
- Watchers: 10
- Forks: 11
- Open Issues: 1
Metadata Files:
- Readme: README
- Changelog: CHANGELOG
- License: LICENSE
README
## PHPSECINFO
*Now on GitHub*
_see LICENSE for copyright and license info_
Mailing List for bug reports, feedback, etc:
http://lists.phpsec.org/mailman/listinfo/phpsecinfo

### WHAT IS PHPSECINFO?
PHPSecInfo is a PHP environment security auditing tool modeled after the
phpinfo() function. From a single function call, PHPSecInfo runs a
series of tests on your PHP environment to identify potential security
issues and offer suggestions. It can be useful as part of a multilayered
security approach.

#### WHAT IS PHPSECINFO NOT?
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment
or your web application
* It is not the "final word." PHPSecInfo identifies *potential* problems
and offers suggestions for improvement. Your environment may _require_
certain settings that trigger cautions or warnings.

### HOW DO I USE PHPSECINFO?
The simplest way:
* Uncompress and upload the contents of the archive to your web server's
document root
* Open a browser and view the index.php file where you've uploaded the files
(probably something like http://www.yourdomain.com/phpsecinfo/index.php)

### WHAT DO I DO IF I GET A NOTICE OR WARNING?
Read the explanation of the result carefully. Research the issue on-line
-- resources like the php.net official docs and the PHP Security Guide are
very useful. Investigate why your environment is set up in such a way. If
there's not a compelling reason to keep it as-is, you should probably

A by no means comprehensive list of resources to get you started:

Web Sites:
* http://www.php.net/manual/en/security.php
* http://phpsec.org/projects/guide/

Books:
* http://phparch.com/pgps
* http://phpsecurity.org/
* http://apachesecurity.net/

### HOW CAN I CUSTOMIZE THE OUTPUT OF PHPSECINFO?
PHPSecInfo is intended to be used as a self-contained tool. However, you
can obtain the test results in an array and then present this data in your
preferred format.

Example:

```php
require_once('PhpSecInfo/PhpSecInfo.php');

// instantiate the class
$psi = new PhpSecInfo();

// load and run all tests
$psi->loadAndRun();

// grab the results as a multidimensional array
$results = $psi->getResultsAsArray();
// escape the dump so it renders as text inside the <pre> block
echo "<pre>"; echo htmlspecialchars(print_r($results, true)); echo "</pre>";

// grab the standard results output as a string
$html = $psi->getOutput();

// send it to the browser
echo $html;
```

### HOW CAN I OFFER FEEDBACK, REPORT BUGS, COMPLAIN, ETC.?
The best way is to subscribe to and post on the PHPSecInfo Mailing List:
http://lists.phpsec.org/mailman/listinfo/phpsecinfo