Consortium News
Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information


Test Description

Checks the user ID of the PHP process to see if it is less than 100.

Security Implications

User IDs under 100 are generally reserved for privileged/system users. If PHP executes as a userid under 100, it may have access to read or manipulate system files.


Change the user and group that PHP executes as. If you're using the Apache module, you'll need to change what user Apache runs as with the User and Group directives. If PHP is executing as a CGI, look at a method of executing CGIs as a non-privileged user like Apache's suEXEC or mod_suPHP.

More Information

« Test information index

Get PhpSecInfo