PHP Manual
Security
Introduction
General considerations
Installed as CGI binary
Installed as an Apache module
Session Security
Filesystem Security
Database Security
Error Reporting
User Submitted Data
Hiding PHP
Keeping Current
General considerations
Possible attacks
Security
PHP Manual
Installed as CGI binary
Table of Contents
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree