Quote:
Originally Posted by kgun
|
I provide links to the PHP documentation where appropriate (in recommending configuration changes) and I researched the documentation extensively to determine potentially-dangerous functions and configurations.
It is also worth noting that PHP 6.0 does not support "safe mode" (reference), so I have included all functions which safe mode has historically restricted within the script.
Quote:
Originally Posted by kgun
Is your file / functions dependent on server configuration, php.ini (that I can not use on my shared server) versus .htaccess?
|
The script will parse all loaded PHP configuration directives (whether PHP_INI_ALL, PHP_INI_PERDIR, or PHP_INI_SYSTEM).
Apache override files may load additional directives - those directives will be evaluated as they occur (I am not aware of a good way to distinguish between directive evaluation from within the script, though I will take into account the options which shared hosting users may have if Apache's AllowOverride setting is enabled and PHP is compiled as an Apache module).
Quote:
Originally Posted by kgun
Can it be used on all PHP installations?
|
The audit script may be used with any webserver installation - while it will also run under a CLI installation there really isn't much of a need (if you're running PHP-CLI it is likely that you are primarily concerned with functionality over security).
Thank you for the preliminary suggestions - I'll take a look at adding some additional instructions to the script (and please do let me know what you think after you've had a chance to run it).
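
The approach described in the post above (reading every loaded directive whatever its changeability level), as an added example that is not the poster's audit script. The directive list and the function names are assumptions made for illustration; `ini_get_all()` reports a `global_value` and a `local_value` for each directive, so a difference between the two shows that something outside php.ini changed it.

```php
<?php
// Added example: not the audit script from this thread.
// The directive list below is an illustrative assumption.
const RISKY_WHEN_ON = ['allow_url_include', 'allow_url_fopen', 'display_errors', 'expose_php'];

// Turn the access bitmask from ini_get_all() into the documented level names.
function accessLabel(int $access): string
{
    if ($access === INI_ALL) {
        return 'PHP_INI_ALL';
    }
    $levels = ['PHP_INI_USER' => INI_USER, 'PHP_INI_PERDIR' => INI_PERDIR, 'PHP_INI_SYSTEM' => INI_SYSTEM];
    $names = [];
    foreach ($levels as $name => $bit) {
        if ($access & $bit) {
            $names[] = $name;
        }
    }
    return implode('|', $names);
}

// Boolean directives may be stored as "1", "On", "true" or "yes";
// display_errors also accepts "stdout" and "stderr".
function isOn(?string $value): bool
{
    $on = ['1', 'on', 'true', 'yes', 'stdout', 'stderr'];
    return in_array(strtolower(trim((string) $value)), $on, true);
}

// $all is the array returned by ini_get_all(null, true).
function auditIni(array $all): array
{
    $findings = [];
    foreach (RISKY_WHEN_ON as $name) {
        if (!isset($all[$name]) || !isOn($all[$name]['local_value'])) {
            continue; // directive absent in this PHP version, or already off
        }
        $findings[] = [
            'directive'  => $name,
            'value'      => $all[$name]['local_value'],
            'level'      => accessLabel((int) $all[$name]['access']),
            // local != global: .htaccess, a per-directory ini file or ini_set() changed it
            'overridden' => $all[$name]['local_value'] !== $all[$name]['global_value'],
        ];
    }
    return $findings;
}

foreach (auditIni(ini_get_all(null, true)) as $f) {
    printf("%-18s = %-6s level=%-15s overridden=%s\n",
        $f['directive'], $f['value'], $f['level'], $f['overridden'] ? 'yes' : 'no');
}
```

Running it through the web server rather than PHP-CLI matters here, because only the web SAPI sees values set by Apache override files.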