PHP Manual
Security
Introduction
General considerations
Installed as CGI binary
Installed as an Apache module
Filesystem Security
Database Security
Error Reporting
Using Register Globals
User Submitted Data
Magic Quotes
Hiding PHP
Keeping Current
General considerations
Possible attacks
Security
PHP Manual
Installed as CGI binary
Table of Contents
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree