PhpSecInfo Test Information
expose_php
Test Description
This test determines if the expose_php setting is enabled.
Security Implications
When enabled, expose_php reports in every request that PHP is being used to process the request, and what version of PHP is installed. Malicious users looking for potentially vulnerable targets can use this to identify a weakness.
expose_php is enabled by default.
Recommendations
Turn expose_php off. It won't by itself fend off a determined attacker, but it will lower visibility to attacks that rely on simple reconnaissance techniques to scan for vulnerable targets.
You can only disable expose_php in the php.ini file:
; Disable expose_php for security reasons
expose_php = 'off'
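To confirm the change took effect, the following added example (not part of PhpSecInfo) reads php.ini text for the effective expose_php value and checks response headers for the X-Powered-By banner PHP sends while the setting is on. The function names and sample inputs are constructed for illustration, and the boolean parsing is a simplified assumption about PHP's rules.

```python
import re

# Constructed sample inputs (not taken from any real server).
INI_COMMENT_ONLY = "; Disable expose_php for security reasons expose_php = 'off'\n"
INI_DISABLED = "; Disable expose_php for security reasons\nexpose_php = 'off'\n"
HEADERS = [("Content-Type", "text/html"), ("X-Powered-By", "PHP/0.0.0")]

def effective_expose_php(ini_text):
    """Return True if this php.ini text leaves expose_php enabled."""
    enabled = True  # PHP's default when the directive is never set
    for raw in ini_text.splitlines():
        line = raw.strip()
        # ';' starts a comment line; '[section]' headers carry no value.
        if not line or line[0] in ";[":
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "expose_php":
            continue
        value = value.strip()
        if value[:1] in ("'", '"'):
            end = value.find(value[0], 1)  # closing quote, if any
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(";", 1)[0].strip()  # drop trailing comment
        # Simplified boolean rule (assumption): on/yes/true, else integer value.
        if value.lower() in ("on", "yes", "true"):
            enabled = True
        else:
            num = re.match(r"[+-]?\d+", value)
            enabled = bool(num) and int(num.group()) != 0
    return enabled  # the last assignment in the file wins

def php_banner(headers):
    """Return the PHP banner from (name, value) response headers, or None."""
    for name, value in headers:
        if name.lower() == "x-powered-by" and value.strip().upper().startswith("PHP"):
            return value.strip()
    return None

if __name__ == "__main__":
    print(effective_expose_php(INI_COMMENT_ONLY))
    print(effective_expose_php(INI_DISABLED))
    print(php_banner(HEADERS))
```

A directive that sits on the same line as a leading ; is part of the comment, so the first sample still reports the setting as enabled.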


