php

http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html

PHP Security Consortium: PHPSecInfo Test Details - allow_url_fopen

Test Description: This test checks to see if allow_url_fopen is enabled. Security Implications: If enabled, allow_url_fopen allows PHP's file functions -- such as file_get_contents() and the include and require statements -- to retrieve data from remote locations, like an FTP or web site. Programmers frequently forget this and don't do proper input filtering when passing user-provided data to these functions, opening them up to code injection vulnerabilities. A large number of code injection vulnerabilities reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering.
About: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc.), while you still have the ability to directly execute any SQL statement. phpMyAdmin comes with a wide range of documentation and users are welcome to update our wiki pages to share ideas and howtos for various operations. The phpMyAdmin team will try to help you if you face any problem; you can use a variety of support channels to get help. phpMyAdmin is also very deeply documented in a book written by one of the developers – Mastering phpMyAdmin for Effective MySQL Management, which is available in English and Spanish.

phpMyAdmin

http://www.phpmyadmin.net/home_page/index.php
by Darrell Brogdon 02/15/2001 In a previous article, I gave an overview of what the php.ini file is and how you might use it. Now let's get into detail on some of the more useful directives and learn how to use them. output_buffering http://oreilly.com/pub/a/php/2001/02/15/php_admin.html

PHP Configuration Directives

http://phpsense.com/2006/php-email-injection-attacks/

Sending emails in PHP & email injection attacks

PHP’s inbuilt mail() function provides very limited mail functionality. Although it's easy to send text emails, that's pretty much the only thing you can do with it. If you need extended functionality like HTML emails or attachments, you can always go through a couple of hundred pages of mail specifications at IETF. Or you can stop trying to reinvent the wheel and use existing PHP mail libraries.
Building Photo Uploaders with XAML Who says Windows can't play nice with open source applications? Jack Herrington uses the XAML technology on Windows Vista to create a visually appealing and user-friendly image uploading application for getting pictures into a PHP web application.

PHP DevCenter

http://onlamp.com/php/

Description of core php.ini directives

http://php.net/manual/en/ini.core.php#ini.open-basedir Here's a short explanation of the configuration directives. include_path string Specifies a list of directories where the require, include, fopen(), file(), readfile() and file_get_contents() functions look for files. The format is like the system's PATH environment variable: a list of directories separated with a colon in Unix or semicolon in Windows. PHP considers each entry in the include path separately when looking for files to include.
http://www.madirish.net/?article=229 PHP's default configuration file, php.ini (usually found in /etc/php.ini on most Linux systems) contains a host of functionality that can be used to help secure your web applications. Unfortunately many PHP users and administrators are unfamiliar with the various options that are available with php.ini and leave the file in its stock configuration. By utilizing a few of the security-related options in the configuration file you can greatly strengthen the security posture of web applications running on your server. Safe Mode

Hardening PHP from php.ini

PHP Manual

Last updated: Fri, 29 Mar 2013. PHP Manual by: Mehdi Achour http://php.net/manual/en/index.php
xcache