Posted by reto on 24 October, 2006

The PHP Security Consortium has released v0.1.1 of their PHPSecInfo tool. From their website:
The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
As PHPSecInfo doesn't provide any new information, at least with this release, I see it as a useful tool for those who are not very familiar with PHP and only want to set up some downloaded scripts on their own web server. What I'd like to see in upcoming versions is a LOT more verbosity: explaining the settings in depth and giving advice on secure programming linked to some of the settings they test (like input validation without magic_quotes_gpc, handling globals with globals off, etc.).

