How to secure PHP sites in IIS

[mohitht]

Hi All,

PHP is an open source server side scripting language. It is secure but the wrong permissions/configurations leave the PHP scripts to vulnerable.

In order to avoid this just tweak the php.ini settings as follows


Edit the php.ini file and edit the contents in it

Code: [Select]


DISPLAY_ERRORS =Off
display_startup_errors = Off
log_errors = On
error_reporting = E_ALL




error_log = /home/.../phplog.txt
expose_php = Off

register_globals = Off

safe_mode = Off




check the changes by calling php function in the file

Code: [Select]

<?php

php_info();

?>





That's It