Security Information About PHP

PhpSecInfo Version 0.2.1; build 20070406

Curl

Test Result
file_support
Pass
You are running PHP 4.4.4 or higher, or PHP 5.1.6 or higher. These versions fix the security hole present in the cURL functions that allow it to bypass safe_mode and open_basedir restrictions.
Current Value: 7.4.33
Recommended Value: 5.1.6+ or 4.4.4+

Session

Test Result
save_path
Notice
save_path is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access session files. You should set save_path to a non-world-readable directory
Current Value: /var/cpanel/php/sessions/ea-php74 (1733)
Recommended Value: A non-world readable/writable directory
use_trans_sid
Pass
use_trans_sid is disabled, which is the recommended setting
Current Value: 0
Recommended Value: 0

Core

Test Result
allow_url_fopen
Warning
allow_url_fopen is enabled. This could be a serious security risk. You should disable allow_url_fopen and consider using the PHP cURL functions instead.
Current Value: 1
Recommended Value: 0
allow_url_include
Pass
allow_url_include is disabled, which is the recommended setting
Current Value: 0
Recommended Value: 0
display_errors
Pass
display_errors is disabled, which is the recommended setting
Current Value: 0
Recommended Value: 0
expose_php
Pass
expose_php is disabled, which is the recommended setting
Current Value: 0
Recommended Value: 0
file_uploads
Notice
file_uploads are enabled. If you do not require file upload capability, consider disabling them.
Current Value: 1
Recommended Value: 0
memory_limit
Notice
memory_limit is set to a very high value. Are you sure your apps require this much memory? If not, lower the limit, as certain attacks or poor programming practices can lead to exhaustion of server resources. It is recommended that you set this to a realistic value (8M for example) from which it can be expanded as required.
Current Value: 134217728
Recommended Value: 8388608
open_basedir
Notice
open_basedir is disabled. When this is enabled, only files that are in the given directory/directories and their subdirectories can be read by PHP scripts. You should consider turning this on. Keep in mind that other web applications not written in PHP will not be restricted by this setting.
Current Value: 0
Recommended Value: 1
post_max_size
Notice
post_max_size is not enabled, or is set to a high value. Allowing a large value may open up your server to denial-of-service attacks
Current Value: 33554432
Recommended Value: 262144
upload_max_filesize
Notice
upload_max_filesize is not enabled, or is set to a high value. Are you sure your apps require uploading files of this size? If not, lower the limit, as large file uploads can impact server performance
Current Value: 8388608
Recommended Value: 262144
upload_tmp_dir
Notice
upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory
Current Value: /tmp (1777)
Recommended Value: A non-world readable/writable directory

Tests Not Run

Test Result
CGI::force_redirect
Not Run
You don't seem to be using the CGI SAPI
Core::group_id
Not Run
Functions required to retrieve group ID not available
Core::magic_quotes_gpc
Not Run
You are running PHP 6 or later and magic_quotes_gpc has been removed
Core::register_globals
Not Run
You are running PHP 6 or later and register_globals has been removed
Core::user_id
Not Run
Functions required to retrieve user ID not available

Test Results Summary

Test Result
Notice
7 out of 13 (53.85%)
Pass
5 out of 13 (38.46%)
Warning
1 out of 13 (7.69%)