On March 15, 2011, in soft, by netoearth

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment or your web application
* It is not the “final word.” PhpSecInfo identifies *potential* problems and offers suggestions for improvement.

Installing and using PhpSecInfo:
Download PhpSecInfo from here, then uncompress the archive and upload its contents to your web server’s document root.

Open a browser and view the index.php file where you’ve uploaded the files (probably something like and you should see something similar to …

If you get any warning or notice, read the explanation of the result carefully. Research the issue online; resources like the official docs and the PHP Security Guide are very useful. Investigate why your environment is set up that way. If there’s not a compelling reason to keep it as-is, you should probably try to rectify it and run the PhpSecInfo tests again.
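The kind of check such a report is built from, as an added example (not PhpSecInfo's own code and not from the original post): it reads a few runtime directives with ini_get() and returns a status and suggestion for each. The directive list, the statuses and the suggestions are assumptions chosen for illustration.

```php
<?php
// Added example, not PhpSecInfo's code. The directive list and the
// suggestions are assumptions chosen for illustration.

/** True/false for an on/off directive; null if this PHP build lacks it. */
function ini_enabled(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null;
    }
    // php.ini "Off" reads back as "", but per-directory overrides can
    // hand back the literal word, so normalise both forms.
    $off = ['', '0', 'off', 'no', 'false', 'none'];
    return !in_array(strtolower(trim($raw)), $off, true);
}

/** Returns one [directive, status, suggestion] row per check. */
function audit_environment(): array
{
    $shouldBeOff = [
        'allow_url_include' => 'Disable so include/require cannot load remote URLs.',
        'allow_url_fopen'   => 'Disable unless the application needs URL wrappers.',
        'display_errors'    => 'Disable in production; log errors instead.',
        'expose_php'        => 'Disable so responses do not advertise the PHP version.',
    ];
    $rows = [];
    foreach ($shouldBeOff as $name => $suggestion) {
        $on = ini_enabled($name);
        if ($on === null) {
            $rows[] = [$name, 'n/a', 'Directive not present in this PHP version.'];
        } else {
            $rows[] = [$name, $on ? 'notice' : 'pass', $on ? $suggestion : ''];
        }
    }
    // open_basedir is a path list: an empty value means no restriction.
    $restricted = trim((string) ini_get('open_basedir')) !== '';
    $rows[] = ['open_basedir', $restricted ? 'pass' : 'notice',
        $restricted ? '' : 'Set it to confine file access to the application tree.'];
    return $rows;
}

foreach (audit_environment() as [$name, $status, $suggestion]) {
    printf("%-18s %-7s %s\n", $name, strtoupper($status), $suggestion);
}
```

Run it through the same SAPI that serves the site, since the CLI and the web server often load different php.ini files.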
